PA-DSS
E193743
PA-DSS (Payment Application Data Security Standard) is a security standard that defines requirements for software vendors to ensure their payment applications securely handle cardholder data and support PCI DSS compliance.
All labels observed (7)
| Label | Occurrences |
|---|---|
| PA-DSS canonical | 3 |
| PA-DSS v1.1 | 1 |
| PA-DSS v1.2 | 1 |
| PA-DSS v2.0 | 1 |
| PA-DSS v3.1 | 1 |
| PA-DSS v3.2 | 1 |
| PCI SSF | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1711641 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: PA-DSS Context triple: [PCI Security Standards Council, developsStandard, PA-DSS]
-
A.
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a global set of security requirements designed to protect cardholder data and reduce credit card fraud for organizations that handle payment card information.
-
B.
PCI Security Standards Council
The PCI Security Standards Council is a global forum that develops and manages security standards for payment card data protection, including the PCI Data Security Standard (PCI DSS).
-
C.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
D.
NIST SP 800-56C
NIST SP 800-56C is a NIST Special Publication that provides recommendations for key derivation methods in key-establishment schemes used in cryptographic systems.
-
E.
NIST SP 800-56B
NIST SP 800-56B is a NIST Special Publication that provides recommendations for cryptographic key establishment using RSA-based key transport and key agreement schemes.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: PA-DSS Target entity description: PA-DSS (Payment Application Data Security Standard) is a security standard that defines requirements for software vendors to ensure their payment applications securely handle cardholder data and support PCI DSS compliance.
-
A.
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a global set of security requirements designed to protect cardholder data and reduce credit card fraud for organizations that handle payment card information.
-
B.
PCI Security Standards Council
The PCI Security Standards Council is a global forum that develops and manages security standards for payment card data protection, including the PCI Data Security Standard (PCI DSS).
-
C.
NIST SP 800 series
The NIST SP 800 series is a collection of special publications from the U.S. National Institute of Standards and Technology that provide guidelines, recommendations, and technical specifications for information security and risk management.
-
D.
NIST SP 800-56C
NIST SP 800-56C is a NIST Special Publication that provides recommendations for key derivation methods in key-establishment schemes used in cryptographic systems.
-
E.
NIST SP 800-56B
NIST SP 800-56B is a NIST Special Publication that provides recommendations for cryptographic key establishment using RSA-based key transport and key agreement schemes.
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
PCI SSC standard
ⓘ
information security standard ⓘ payment application security standard ⓘ |
| abbreviationOf | Payment Application Data Security Standard ⓘ |
| appliesTo |
payment application integrators
ⓘ
payment application software vendors ⓘ |
| definedBy | PCI Security Standards Council ⓘ |
| domain |
financial services security
ⓘ
payment card security ⓘ |
| focusesOn |
secure authentication data handling
ⓘ
secure handling of cardholder data ⓘ secure storage of cardholder data ⓘ secure transmission of cardholder data ⓘ |
| fullName | Payment Application Data Security Standard ⓘ |
| geographicScope | global ⓘ |
| governs | payment applications ⓘ |
| includesRequirement |
do not retain CVV2 or CVC2 data
ⓘ
do not retain PIN or PIN block data ⓘ do not retain full magnetic stripe data ⓘ documentation for secure implementation by integrators and merchants ⓘ encrypt cardholder data over open public networks ⓘ logging and audit trails in payment applications ⓘ protect stored cardholder data ⓘ secure authentication and access control ⓘ secure remote access to payment applications ⓘ secure software development practices ⓘ vulnerability management for payment applications ⓘ |
| notApplicableTo | in-house developed payment applications used only by a single merchant ⓘ |
| primaryGoal |
to help ensure that payment applications do not store prohibited cardholder data
ⓘ
to help protect cardholder data in payment applications ⓘ to support PCI DSS compliance for merchants ⓘ |
| publisher | PCI Security Standards Council ⓘ |
| relatedTo | PCI DSS ⓘ |
| replacedBy |
PCI Secure Software Lifecycle Standard
ⓘ
PCI Secure Software Lifecycle Standard ⓘ
surface form:
PCI Secure Software Standard
PCI Software Security Framework ⓘ |
| retirementAnnouncedBy | PCI Security Standards Council ⓘ |
| scope | third-party payment application products sold to multiple customers ⓘ |
| status | retired ⓘ |
| supports | PCI DSS compliance ⓘ |
| usedBy |
payment application assessors
ⓘ
payment application vendors worldwide ⓘ |
| version |
1.0
ⓘ
1.1 ⓘ 1.2 ⓘ 2.0 ⓘ 3.0 ⓘ 3.1 ⓘ 3.2 ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: PA-DSS Description of subject: PA-DSS (Payment Application Data Security Standard) is a security standard that defines requirements for software vendors to ensure their payment applications securely handle cardholder data and support PCI DSS compliance.
Referenced by (9)
Full triples — surface form annotated when it differs from this entity's canonical label.