What does requirement 8.2 require regarding credentials?


Multiple Choice

What does requirement 8.2 require regarding credentials?

Explanation:
Protecting credentials means ensuring they cannot be read by anyone who isn’t authorized. Requirement 8.2 asks you to render credentials unreadable during both transmission and storage. In practice, this means encrypting data as it moves across networks (like using TLS) and protecting stored credentials with strong cryptographic measures (for passwords, this often involves hashing with salt, and for other secrets or keys, encrypting them with protected keys and proper key management). The goal is that even if data is captured or accessed, the information remains unintelligible to unauthorized parties.

Storing credentials in plaintext, relying only on symmetric encryption without broader protection, or not encrypting at all would fail to meet this requirement because they leave sensitive data readable or vulnerable.

