About PCI DSS
The PCI Data Security Standard (DSS) was developed by the PCI Security Standards Council (PCI SSC). Enforcement of PCI DSS compliance is done by the payment card brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.).
The standard was designed to encourage and enhance cardholder data security, and to encourage the global adoption of consistent data security measures.
The PCI DSS Standard is comprised of 12 broad requirements which organizations must meet to maintain compliance. The requirements for reporting compliance must be submitted to confirm compliance. These requirements vary depending on the merchant and card brand or issuer. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. Contacting a PCI QSA consulting company can help support your implementation and maintenance of continuous compliance.
|12 Requirements of PCI DSS||PCI Requirement||PCI Requirement|
|Build & Maintain a Secure Network||• Requirement 1: Install and maintain a firewall configuration to protect cardholder data.||• Requirement 2: Do not use vendor supplied defaults for system passwords and security parameters.|
|Maintain a Vulnerability Management Program||• Requirement 5: Use and regularly update anti-virus.||• Requirement 6: Develop and maintain secure systems and applications.|
|Regularly Monitor and Test Networks||• Requirement 10: Track and monitor all access to network resources and cardholder data.||• Requirement 11: Regularly test security systems and processes.|
|Implement Strong Access Control Measures||• Requirement 7: Restrict access to cardholder data by business need-to-know.||• Requirement 8: Assign a unique ID to each user with computer access. • Requirement 9: Restrict physical access to cardholder data.|
|Maintain an Information Security Policy||• Requirement 12: Maintain a policy that addresses information security.|