PCI PA-DSS Request for Information

Transcript of PCI PA-DSS Request for Information

Page 1: PCI PA-DSS Request for Information

atsec information security

www.atsec.com

email contact for PA-DSS: [email protected]

PA-DSS RFI v1.0 © 2010 atsec information security page 1/5

Page 2: PCI PA-DSS Request for Information

Payment Application Data Security Standard (PA-DSS) Assessment Request for Information

This form guides you in gathering the basic information that atsec needs in order to provide you with information about a Payment Application Data Security Standard (PA-DSS) Assessment.

Please complete this form and submit it via email or fax. If you have concerns about sharing proprietary information, please contact us to set up an NDA and appropriate transaction security before submitting the form to us.

More information on PA-DSS is available from the PCI Security Standards Council at: https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml.

Contact Information

Company name:      

Contact name:      

Address:      

City:      

State:      

Country:      

Zip/Postal code:      

Email:      

Phone:      

Application Details

What is the name of the application?

     

What is the version number of the application?

     

Provide a brief description of the application:

     


Page 3: PCI PA-DSS Request for Information

Select all application functionality that applies:

Point of Sale

Middleware

Automated Fuel Dispenser

Shopping Cart

Settlement, back-end processing

Gateway

Other

What kinds of transactions are supported?

Card not present (E-Commerce)

Card present

Select the application architecture:

Hardware-terminal

Client/server

Standalone

Networked

Module-based (only a subset of software modules are involved in transaction processing)

SaaS (Software as a Service, hosted remotely)

What platforms/operating systems does the application run on?

     

Which application servers are being used (for example, WebSphere, WebLogic)?

     

Are there any web-based user/administration interfaces?

Yes

No

Which authentication mechanisms does the application support?

PINs/Passwords

Certificates

Biometric properties

Other


Page 4: PCI PA-DSS Request for Information

Scope

What is the size of the application’s typical customers?

Large (for example, organizations with multiple branches)

Small (for example, local businesses)

The application is sold via:

Integrators

Resellers

Direct

Who installs and configures the application?

Your organization

Reseller

Customer

Are parts of the application hosted by you (for example, processing back-end)?

Yes

No

Is remote access to the application (for administering, servicing) possible?

Yes, the payment application provider/integrators have remote access for service purposes

Yes, the customer’s administrators have access for operational purposes

No

Is this a new application, or have earlier versions been distributed to customers?

Yes, it’s new

No, earlier versions exist

Languages the application is marketed to (for example, English, Spanish):

     

Is wireless technology (for example, WLAN, infrared) integrated into the application?

Yes

No


Page 5: PCI PA-DSS Request for Information

Advance Preparation

Has this or an earlier version of the application been certified under PABP (Visa's Payment Application Best Practices, the predecessor of PA-DSS) or PA-DSS before?

No

Yes

If yes, will previous test reports be available for the lab’s use?

Yes

No

Do you expect to need help from atsec understanding the requirements of the PA-DSS and bringing your application into compliance with PA-DSS?

Yes

No

Are administration/user/installation/configuration manuals available?

Yes

No

If yes, please provide a copy with this RFI.

Has a PA-DSS Implementation Guide been written?

Yes

No

If yes, please provide a copy with this RFI.

Do you have a test environment that simulates a real-life environment to test all of the application’s functionality and supported transactions?

Yes

No

Comments

Additional comments:

     

If you have any questions, please contact atsec at [email protected] or by telephone (see http://www.atsec.com/us/addresses-contact.html for regional office numbers).
