The PIN Security Compliance Guideline is intended to be used to implement a uniform security review. All entities, which handle PINs and/or cryptographic keys used to secure PINs, should complete a PIN Security Compliance review. This guideline presents mandatory control objectives relating to general procedures and controls. The mandatory control objectives are based on requirements set forth in X9.8 (Banking, Personal Identification Number Management and Security Part 1), X9.24-2004 (Retail Financial Services Symmetric Key Management, Part 1: Using Symmetric Techniques) and X9.24-2005 (Retail Financial Services Symmetric Key Management, Part 2: Using Asymmetric Techniques for Distribution of Symmetric Keys). Sections 4.4 and 5.5 of this guideline include additional control objectives related to miscellaneous security issues, which are considered best business practices but are not covered under existing X9 standards. Each organization administering the review should evaluate the mandatory and optional control objectives for applicability.