Which statement describes a media destruction policy under 9.8?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Boost your readiness for the PCI DSS Requirements Exam with engaging flashcards and comprehensive multiple choice questions. Each comes with hints and explanations to maximize your understanding!

Multiple Choice

Which statement describes a media destruction policy under 9.8?

Explanation:
A media destruction policy must apply to all media types containing cardholder data and specify how to render data unrecoverable. That means the policy should cover both hard-copy materials (like printouts and reports) and electronic media (such as laptops, servers, USB drives, and backups), with clear destruction methods appropriate to each type. PCI DSS requires a comprehensive policy because CHD can reside in multiple formats, and leaving any one format out creates a security gap during disposal. The policy isn’t optional; having a defined, formal process ensures consistent, approved destruction practices across all media.

A media destruction policy must apply to all media types containing cardholder data and specify how to render data unrecoverable. That means the policy should cover both hard-copy materials (like printouts and reports) and electronic media (such as laptops, servers, USB drives, and backups), with clear destruction methods appropriate to each type. PCI DSS requires a comprehensive policy because CHD can reside in multiple formats, and leaving any one format out creates a security gap during disposal. The policy isn’t optional; having a defined, formal process ensures consistent, approved destruction practices across all media.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy