PCI Compliance at UT
In order to reduce risks associated with the Payment Card Industry Data Security Standard (PCI DSS), any department or organization at the University of Tennessee or the University of Tennessee Foundation with a Merchant ID for credit card processing must now take part in PCI security training. This is a part of the University’s formal PCI security awareness program required by PCI DSS, as well as UT policy FI0311 – Credit Card Processing.
Handouts, slides, and links to other resources can be found below.
Training Presentations
- PCI-Compliance-Training and Attestation: Effective January 1, 2024, please contact Stephen Brown or Justin Holt for more information.
Merchant Documentation Templates
- PCI DSS Internal Policies and Procedures – SAQs A & B Merchants (downloadable Word document)
- PCI DSS Internal Policies and Procedures – SAQ C Merchants (downloadable Word document)
- PCI DSS Risk Mitigation and Migration Plan Template (downloadable Word document)
- PCI Inventory Log (downloadable Excel document)
Security Awareness Information
2016 PCI Credit Card Security Flyer
Insight From VISA To Keep Your POS Equipment Secure
PCI Standards and Procedures for UT/UTFI Merchants
PCI DSS Incident Response Plan
PCI DSS Penetration Testing Standard
PCI DSS Security Awareness Program Standard
PCI DSS Vulnerability Scanning Standard
UT Policies
Fiscal Policy FI0311 – Credit Card Processing
IT Policy IT0110 – Acceptable Use of Information Technology Resources
IT Policy IT0115 – Information and System Classification
Additional PCI Resources
FI0311 Merchant Approval Process
PCI DSS – Migrating from SSL and Early TLS
SAQ Guides (PCI DSS v3.2.1 – effective June 2018)
PCI-DSS-v3_2_1-SAQ-A – for “card-not-present” merchants
PCI-DSS-v3_2_1-SAQ-B – for merchants using standalone, dial-out terminals not connected to the Internet
PCI-DSS-v3_2_1-SAQ-B_IP – for merchants using a payment application system or POS system connected to the Internet
PCI-DSS-v3_2_1-SAQ-C_VT – for merchants using isolated virtual payment terminals on a personal computer connected to the Internet
PCI-DSS-v3_2_1-SAQ-P2PE – for merchants using hardware payment terminals in PCI SSC-Listed P2PE solution only
If you have any questions or need additional information, please contact security.