Question About PCI Solution
Quick question about the PCI solution -
When assessing an environment for PCI compliance, the PCI solution comes with both a "PCI Controls" app, which lets you pick specific (or all) controls to test manually, as well as a Self-Assessment Questionnaire (SAQ). How are these related? Are we supposed to use both, or only choose 1, per environment?
The reason I ask is because one of the data feeds is supposed to link findings generated by the SAQ back to their respective PCI Controls, which makes it look like you're supposed to use both. If I chose to use only the SAQ, then the data feed would not have any PCI Controls to link to!
Worst case scenario: the SAQ chosen has 50 questions, but I only chose 10 PCI Controls. If there are 30 findings, what happens to the 20 that do not have a PCI Control generated?
The PCI Solution demo video says you can choose either one. But the data feeds, as well as process diagram in the Use Case guide, act like they are both supposed to be used every time.
- pci controls
- pci management
- pci use case
- RSA Archer
- RSA Archer Suite
- Solutions and Use Cases