Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers - Answer- Requirement A1: Shared hosting providers must protect the cardholder data environment. Shared hosting providers must protect each entity's hosted environment and data. Therefore, shared hosting providers must additionally comply with the requirements in Appendix A1.
A1 - Protect each entity's (that is, merchant, service provider, or other entity) hosted environment and data: - Answer- Appendix A1 of PCI DSS is intended for shared hosting providers who wish to provide their merchant and/or service provider customers with a PCI DSS compliant hosting environment.
A1.1 - Appendix A1 of PCI DSS is intended for shared hosting providers who wish to provide their merchant and/or service provider customers with a PCI DSS compliant hosting environment. - Answer- If a merchant or service provider is allowed to run their own applications on the shared server, these should run with the user ID of the merchant or service provider, rather than as a privileged user.
A1.2 - Restrict each entity's access and privileges to its own cardholder data environment only. - Answer- Access and privileges must be restricted such that each merchant or service provider has access only to their own environment.
A1.3 - Ensure logging and audit trails are enabled and unique to each entity's cardholder data environment and consistent with PCI DSS Requirement 10. - Answer- Logs should be available in a shared hosting environment so the merchants and service providers have access to, and can review, logs specific to their cardholder data environment.
A1.4 - Enable processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider. - Answer- Shared hosting providers must have processes to provide quick and easy response in the event that a forensic investigation is needed for a compromise, down to the appropriate level of detail so that an individual merchant's or service provider's details are available.