
PCI PTS POI Device Security Requirements v6

PCI PIN Transaction Security requirements for Point of Interaction (POI) devices including PIN entry terminals, unattended payment terminals, and mobile payment acceptance devices. Covers physical tamper resistance, logical security, firmware integrity, secure boot, key management, and vendor qualification across 7 evaluation modules. Required for all POI device types seeking PCI approval.

AC Access Control

Control | Name | PCI PTS v6 References
AC-04 | Information Flow Enforcement | EJ
AC-17 | Remote Access | EI
AC-18 | Wireless Access Restrictions | J

AU Audit and Accountability

Control | Name | PCI PTS v6 References
AU-02 | Auditable Events | L
AU-03 | Content Of Audit Records | L
AU-06 | Audit Monitoring, Analysis, And Reporting | L
AU-09 | Protection Of Audit Information | L
AU-12 | Audit Record Generation | L

CM Configuration Management

Control | Name | PCI PTS v6 References
CM-02 | Baseline Configuration | K
CM-03 | Configuration Change Control | BFK
CM-05 | Access Restrictions For Change | B
CM-08 | Information System Component Inventory | K
CM-09 | Configuration Management Plan | K
CM-14 | Signed Components | BF

IA Identification and Authentication

Control | Name | PCI PTS v6 References
IA-02 | User Identification And Authentication | C
IA-07 | Cryptographic Module Authentication | C

MA Maintenance

Control | Name | PCI PTS v6 References
MA-02 | Controlled Maintenance | K
MA-03 | Maintenance Tools | K
MA-04 | Remote Maintenance | K
MA-06 | Timely Maintenance | K

MP Media Protection

Control | Name | PCI PTS v6 References
MP-06 | Media Sanitization And Disposal | K

PE Physical and Environmental Protection

Control | Name | PCI PTS v6 References
PE-03 | Physical Access Control | ADI
PE-04 | Access Control For Transmission Medium | AC
PE-05 | Access Control For Display Medium | A
PE-06 | Monitoring Physical Access | AI
PE-18 | Location Of Information System Components | D
PE-19 | Information Leakage | A
PE-20 | Asset Monitoring and Tracking | AI

PS Personnel Security

Control | Name | PCI PTS v6 References
PS-03 | Personnel Screening | H
PS-06 | Access Agreements | H
PS-07 | Third-Party Personnel Security | H

SA System and Services Acquisition

Control | Name | PCI PTS v6 References
SA-03 | Life Cycle Support | H
SA-04 | Acquisitions | GH
SA-08 | Security Engineering Principles | F
SA-09 | External Information System Services | H
SA-10 | Developer Configuration Management | BF
SA-11 | Developer Security Testing | F
SA-15 | Development Process, Standards, and Tools | FH
SA-16 | Developer-Provided Training | H
SA-17 | Developer Security and Privacy Architecture and Design | F
SA-21 | Developer Screening | H

SC System and Communications Protection

Control | Name | PCI PTS v6 References
SC-07 | Boundary Protection | E
SC-08 | Transmission Integrity | EIJ
SC-12 | Cryptographic Key Establishment And Management | DE
SC-13 | Use Of Cryptography | CDEJ
SC-17 | Public Key Infrastructure Certificates | D
SC-23 | Session Authenticity | E
SC-28 | Protection of Information at Rest | C
SC-34 | Non-modifiable Executable Programs | B
SC-40 | Wireless Link Protection | J

SI System and Information Integrity

Control | Name | PCI PTS v6 References
SI-02 | Flaw Remediation | F
SI-04 | Information System Monitoring Tools And Techniques | IJL
SI-07 | Software And Information Integrity | BFL
SI-16 | Memory Protection | B

SR Supply Chain Risk Management

Control | Name | PCI PTS v6 References
SR-01 | Policy and Procedures | G
SR-02 | Supply Chain Risk Management Plan | G
SR-03 | Supply Chain Controls and Processes | G
SR-05 | Acquisition Strategies, Tools, and Methods | G
SR-06 | Supplier Assessments and Reviews | G
SR-09 | Tamper Resistance and Detection | AGI
SR-10 | Inspection of Systems or Components | AGI
SR-11 | Component Authenticity | AG
SR-12 | Component Disposal | GK