Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?
A. Monitor the control.
B. Derive testing procedures and document them in Appendix E of the ROC.
C. Document and maintain evidence about each customized control as defined in Appendix E of PCI DSS.
D. Perform the targeted risk analysis as per PCI DSS requirement 12.3.2.
Answer: C
Explanation:
Customized Approach Overview
Appendix E of PCI DSS v4.0 outlines the customized approach, which allows entities to demonstrate their control effectiveness using methods that differ from the defined approach.
Assessor Responsibilities
QSAs must document and maintain detailed evidence for each customized control implemented by the entity. Evidence must support how the customized control meets the security objectives of the original requirement.
Testing and Validation
The QSA must perform validation to confirm the customized control's adequacy and effectiveness and ensure it sufficiently addresses the requirement's intent.
Documentation
All findings, testing procedures, and conclusions must be recorded in the Report on Compliance (ROC) Appendix E, providing traceability and transparency.