PCI PIN Security Requirements v3.1

PCI requirements for the secure management of PINs and cryptographic keys used in payment transactions. Covers Hardware Security Module (HSM) physical and logical security, key management lifecycle, PIN entry device validation, PIN transmission encryption (ISO 9564), key injection ceremonies, DUKPT key derivation, and certificate management. Mandatory for acquirers, processors, and their agents handling PIN-based transactions.

AC Access Control

Control Name | PCI HSM References
AC-01 Access Control Policies and Procedures | 1
AC-03 Access Enforcement | 48
AC-04 Information Flow Enforcement | 3
AC-05 Separation Of Duties | 156
AC-06 Least Privilege | 1458
AC-17 Remote Access | 3

AU Audit and Accountability

Control Name | PCI HSM References
AU-01 Audit And Accountability Policy And Procedures | 10
AU-02 Auditable Events | 68
AU-03 Content Of Audit Records | 8
AU-06 Audit Monitoring, Analysis, And Reporting | 108
AU-11 Audit Record Retention | 10
AU-12 Audit Record Generation | 68

CA Security Assessment and Authorization

Control Name | PCI HSM References
CA-02 Security Assessments | 10
CA-05 Plan Of Action And Milestones | 10
CA-07 Continuous Monitoring | 10

CM Configuration Management

Control Name | PCI HSM References
CM-02 Baseline Configuration | 8
CM-03 Configuration Change Control | 4589
CM-05 Access Restrictions For Change | 4
CM-06 Configuration Settings | 8
CM-08 Information System Component Inventory | 2

IA Identification and Authentication

Control Name | PCI HSM References
IA-05 Authenticator Management | 9
IA-08 Identification and Authentication (Non-Organizational Users) | 9

IR Incident Response

Control Name | PCI HSM References
IR-01 Incident Response Policy And Procedures | 10
IR-04 Incident Handling | 10
IR-06 Incident Reporting | 10

MP Media Protection

Control Name | PCI HSM References
MP-04 Media Storage | 5
MP-06 Media Sanitization And Disposal | 5

PE Physical and Environmental Protection

Control Name | PCI HSM References
PE-01 Physical And Environmental Protection Policy And Procedures | 7
PE-02 Physical Access Authorizations | 6
PE-03 Physical Access Control | 267
PE-04 Access Control For Transmission Medium | 7
PE-05 Access Control For Display Medium | 7
PE-06 Monitoring Physical Access | 67
PE-09 Power Equipment And Power Cabling | 7
PE-13 Fire Protection | 7
PE-15 Water Damage Protection | 7
PE-18 Location Of Information System Components | 7

PL Planning

Control Name | PCI HSM References
PL-01 Security Planning Policy And Procedures | 1
PL-02 System Security Plan | 1

PM Program Management

Control Name | PCI HSM References
PM-01 Information Security Program Plan | 1
PM-02 Information Security Program Leadership Role | 1
PM-06 Measures of Performance | 10

PS Personnel Security

Control Name | PCI HSM References
PS-01 Personnel Security Policy And Procedures | 1
PS-02 Position Categorization | 1
PS-06 Access Agreements | 156
PS-07 Third-Party Personnel Security | 6

SA System and Services Acquisition

Control Name | PCI HSM References
SA-04 Acquisitions | 2

SC System and Communications Protection

Control Name | PCI HSM References
SC-08 Transmission Integrity | 3
SC-12 Cryptographic Key Establishment And Management | 34569
SC-13 Use Of Cryptography | 3459
SC-17 Public Key Infrastructure Certificates | 9
SC-23 Session Authenticity | 3

SI System and Information Integrity

Control Name | PCI HSM References
SI-07 Software And Information Integrity | 8

SR Supply Chain Risk Management

Control Name | PCI HSM References
SR-09 Tamper Resistance and Detection | 27
SR-10 Inspection of Systems or Components | 2
SR-11 Component Authenticity | 2