PCI DSS v4.0 emphasizes the need to classify media based on the sensitivity of the data it contains. Media classification ensures appropriate handling, storage, and destruction processes.
Media Protection Requirements
Media containing cardholder data must be securely stored, transferred, and destroyed when no longer needed.
Classification informs the level of protection required, such as encryption, physical security, or controlled access.
Incorrect Options
Option B: Moving media quarterly is not a requirement.
Option C: Labeling as "Confidential" is insufficient without a comprehensive protection strategy.
Option D: Destruction schedules should depend on retention requirements and data sensitivity, not a universal timeline.