Which requirement prohibits copying, moving, and storing cardholder data onto local drives and removable media unless explicitly authorized for a defined business need?

Explanation:
The question tests data minimization and media handling for cardholder data. The rule ensures cardholder data isn’t copied, moved, or stored on local drives or removable media unless there is a clearly defined business need and explicit authorization to do so. This reduces the risk of CHD exposure by keeping sensitive data off unmanaged devices and media, where it’s easier to lose, steal, or access inappropriately. When such an exception is truly necessary, it must be narrowly defined, approved, and monitored, with controls (like encryption and access restrictions) in place to protect the data.

Other options point to different aspects of PCI DSS (policy, general risk processes, or other operational controls) and do not state this specific prohibition on storing CHD on local or removable media or the requirement for explicit authorization for exceptions.
