
PCI DSS to SOC 2 crosswalk

A control-by-control mapping between PCI DSS v4.0 and SOC 2 (AICPA Trust Services Criteria). 7 mappings.

| PCI DSS | SOC 2 | Relationship | Notes |
|---|---|---|---|
| Req. 10: Log and monitor all access to system components and cardholder data | CC7.2: Security event monitoring | Equivalent (Curated) | Logging, monitoring & detection |
| Req. 11: Test security of systems and networks regularly | CC7.1: Vulnerability detection and monitoring | Equivalent (Curated) | Vulnerability management |
| Req. 12: Support information security with organizational policies and programs | CC1.1: Integrity and ethical values | Related (Curated) | Governance & security policy |
| Req. 3: Protect stored account data | CC6.7: Restricting data transmission | Partial (Curated) | Cryptography & data protection |
| Req. 4: Protect cardholder data with strong cryptography during transmission | CC6.7: Restricting data transmission | Partial (Curated) | Cryptography & data protection |
| Req. 7: Restrict access by business need to know | CC6.1: Logical access security controls | Equivalent (Curated) | Access control & identity |
| Req. 8: Identify users and authenticate access | CC6.1: Logical access security controls | Equivalent (Curated) | Access control & identity |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.