PCI DSS DESV | Designated Entities Supplementary Validation
SISA Information Security Inc.
Designated Entities Supplementary Validation, PCI DSS compliance program, PCI DSS DESV
PCI DSS Designated Entities Supplementary Validation (DESV) is intended to provide greater assurance of PCI DSS compliance and to ensure that controls are maintained effectively and validated as part of business-as-usual (BAU) processes. While PCI DSS is focused on cybersecurity, the DESV addresses risk management, governance, controls, and process maturity to a greater extent. Designated Entities include entities that may be at greater risk of compromise, including those that store, process, and/or transmit large amounts of card data, provide aggregation points for cardholder data, or have suffered significant or repeated breaches of cardholder data. A Designated Entity is an organization that an Acquirer or Payment Brand has determined requires validation additional to the existing PCI DSS requirements.
The DESV must be performed in conjunction with PCI DSS and contains additional security control requirements that are organized into 5 control areas:
Implement a PCI DSS compliance program
Document and validate PCI DSS scope
Validate that PCI DSS is incorporated into business-as-usual activities
Control and manage logical access to the cardholder data environment
Identify and respond to suspicious events
Even if your organization is not a Designated Entity, DESV can be used to complement any entity’s PCI DSS compliance efforts, and all entities are encouraged to follow DESV as a best practice.