PCI DSS · Protect account data
Req. 3 Protect stored account data
Render stored cardholder data unreadable, including through strong cryptography and key management.
Mapped across 13 provisions
Equivalent and related requirements in other frameworks and regulations.
- NIST CSF 2.0EquivalentOfficial mapping
Source: PCI DSS v4.0 / NIST CSF 2.0
PR.DS-01 Confidentiality of data-at-rest protectedCryptography & data protection
- CIS Controls v8EquivalentCurated3.11 Encrypt sensitive data at rest
Cryptography & data protection
- DORAPartialCuratedArt. 9 Protection and prevention
Cryptography & data protection
- GDPRPartialCuratedArt. 32 Security of processing
Cryptography & data protection
- GLBAEquivalentCurated§314.4(c)(3) Encryption of customer information
Cryptography & data protection
- HIPAAEquivalentCurated§164.312(e)(1) Transmission security
Cryptography & data protection
- ISO 27001EquivalentCuratedA.8.24 Use of cryptography
Cryptography & data protection
- LGPDPartialCuratedArt. 46 Security measures
Cryptography & data protection
- NIS2EquivalentCuratedArt. 21(2)(h) Cryptography and encryption
Cryptography & data protection
- NIST 800-171EquivalentCurated3.13.11 Employ FIPS-validated cryptography
Cryptography & data protection
- NIST 800-53EquivalentCuratedSC-28 Protection of information at rest
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 4 Protect cardholder data with strong cryptography during transmission
Cryptography & data protection
- SOC 2PartialCuratedCC6.7 Restricting data transmission
Cryptography & data protection