Which statement describes a media destruction policy under 9.8?

Multiple Choice

Which statement describes a media destruction policy under 9.8?

Explanation:
A media destruction policy must apply to all media types containing cardholder data (CHD) and specify how to render data unrecoverable. That means the policy should cover both hard-copy materials (like printouts and reports) and electronic media (such as laptops, servers, USB drives, and backups), with clear destruction methods appropriate to each type. PCI DSS requires a comprehensive policy because CHD can reside in multiple formats, and leaving any one format out creates a security gap during disposal. The policy isn’t optional; having a defined, formal process ensures consistent, approved destruction practices across all media.
