PCI Review Audit Work Program
An Essential PCI Review Audit Checklist for Organizations
This audit program sample can be used by organizations to process PINs; create cryptographic keys; and administer, load and transmit secure keys.
In this sample, all keys and key components are generated using an approved random or pseudo-random process; compromise of the key-generation process is not possible without collusion between at least two trusted individuals; documented procedures exist and are demonstrably in use for all key generation processing; and secret or private keys are transferred by physically forwarding the key in at least two separate full-length components (hard copy, smart card and TRSM) using different communication channels.