PCI-DSS SAQ Information

PCI compliance is a merchant's responsibility. Some questions within your SAQ relate to infrastructure/server configuration; for these, you can find the scope and appropriate answer below.

Physical Architecture

MageStack PCI Layout

SAQ Answers

| Section | Scope | Response | Condition |
|---|---|---|---|
| 1.1.1 - 1.5 | Sonassi | Yes | |
| 2.1.a - 2.1.b | Sonassi | Yes | |
| 2.1.1.a - 2.1.1.e | Sonassi | N/A | |
| 2.2.a - 2.5 | Sonassi | Yes | |
| 3.1.a - 3.7 | You | Yes | If using Magento Payment Bridge or 3rd Party for cardholder data storage. No if not using Magento Payment Bridge when storing cardholder data |
| 4.1.a - 4.3 | You | Yes/No | If using HTTPS. No if not using HTTPS |
| 5.1 - 5.4 | Sonassi | Yes | |
| 6.3.a - 6.3.2 | You | | This depends on your own development practice |
| 6.4.1.a - 6.4.1.b | You | Yes | If using separate domain groups for your stores |
| 6.4.2 - 6.5.b | You | | This depends on your own development practice |
| 6.5.1 - 6.5.10 | You | Yes | For a standard Magento installation. However, this does not include any untested 3rd party modules/code/templates you may be using |
| 6.6 - 6.7 | Sonassi | Yes | |
| 7.1 - 7.3 | You | | This depends on your own personnel management |
| 8.1.1 - 8.8 | Both | Yes | Provided you comply with the conditions that apply to you |
| 9.1 - 9.8.2 | Sonassi | Yes | |
| 9.9.a - 9.10 | You | | This depends on your own cardholder data processing practice |
| 10.1.a - 10.6.3.b | Sonassi | Yes | |
| 10.7.a - 10.7.c | Sonassi | Yes | If using our long term log storage facility |
| 10.8 | Sonassi | Yes | |
| 11.1 - 11.2 | Sonassi | N/A | |
| 11.3 - 11.3.4 | You | Yes | This depends on your PCI ASV |
| 11.4 | Sonassi | Yes | Per our standard firewall policy |
| 11.5 | Sonassi | Yes | Per our vulnerability scanner |
| 11.5.1 | Sonassi | Yes | Per our audit log notifier |
| 11.6 | Sonassi | Yes | Per documentation here |
| 12.1 - 12.7 | Both | Yes | Yes for Sonassi, but also depends on your own security |
| 12.8.1 - 12.10.6 | You | | This depends on your own cardholder data storage practice |