req_3Level 1

Requirement 3 - Protect Stored Account Data

Requirement 3 of PCI DSS 4.0 mandates that all cardholder data retained after authorization be rendered unreadable, using strong encryption, truncation, masking, hashing, or tokenization, and that cryptographic keys be managed securely. It also requires limiting storage duration and protecting sensitive authentication data such as full magnetic-stripe, CVV, and PIN block values.

GET/api/v1/systems/reg_pci_dss/nodes/req_3

Manual TranscriptionProprietary (PCI SSC)Source

Hierarchy Explorer

Hierarchy ExplorerChevron to expand - click title to open

req_3_43.4 - Access to Displays of Full PAN and Copies Restricted

req_3_53.5 - Primary Account Number (PAN) Secured Wherever Stored

Cross-system equivalences0

No cross-system equivalences mapped for this node.

Report a data issue