
PCI PA-DSS Template for Report on Validation for use with PA-DSS v3.2, Revision 1.0 May 2016
© 2016 PCI Security Standards Council, LLC. All Rights Reserved. Page ii
Table of Contents
Document Changes ...................................................................................................................................................................................................... i
Introduction to the ROV Template .............................................................................................................................................................................. 1
ROV Sections ..................................................................................................................................................................................................... 1
ROV Summary of Findings ....................................................................................................................................................................................... 2
ROV Reporting Details .............................................................................................................................................................................................. 4
PA-DSS Implementation Guide ................................................................................................................................................................................ 4
Do’s and Don’ts: Reporting Expectations ................................................................................................................................................................. 5
ROV Template for PCI Payment Application Data Security Standard v3.2 ............................................................................................................ 6
1. Contact Information and Report Date ................................................................................................................................................................. 6
1.1 Contact Information ............................................................................................................................................................................................. 6
1.2 Date and Timeframe of Assessment .................................................................................................................................................................. 7
1.3 PA-DSS Version ................................................................................................................................................................................................. 7
1.4 Additional services provided by PA-QSA/QSA company ................................................................................................................................... 7
2. Description of Scope of Work .............................................................................................................................................................................. 8
2.1 Scope Overview .................................................................................................................................................................................................. 8
2.2 Scope Description ............................................................................................................................................................................................... 8
2.3 PA-DSS Eligibility ................................................................................................................................................................................................ 9
2.4 Payment Application Functionality Assessed ..................................................................................................................................................... 9
2.5 Payment Application Functionality Excluded from Assessment ....................................................................................................................... 10
2.6 Tools Used by or Within the Payment Application to Access and/or View Cardholder Data ........................................................................... 10
2.7 Documentation Reviewed ................................................................................................................................................................................. 11
2.8 Individuals Interviewed...................................................................................................................................................................................... 12
3. Summary Overview ............................................................................................................................................................................................. 13
3.1 Assessment Overview ...................................................................................................................................................................................... 13
3.2 Testing Overview .............................................................................................................................................................................................. 14
3.3 Network diagram(s) of a typical implementation of the payment application ................................................................................................... 15
3.4 Communication points description .................................................................................................................................................................... 16
3.5 Dataflow diagram .............................................................................................................................................................................................. 17
3.6 Cardholder Data Storage .................................................................................................................................................................................. 18
3.7 Third-Party Software Dependencies and Requirements .................................................................................................................................. 18