Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a standard maintained and promoted by the PCI Security Standards Council.

This standard covers the security of payment cards and cardholder data. It is relevant to vendors building payment solutions, and to the merchants and financial institutions that process card payments worldwide.

PCI DSS is also applicable to any entity that stores, processes or transmits cardholder data (CHD) and/or sensitive authentication data (SAD).

The standard's Requirements and Security Assessment Procedures, Version 3.1 (released in April 2015), lists the required practices.

The twelve requirements are grouped under the following six goals:

Build and Maintain a Secure Network and Systems
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Identify and authenticate access to system components
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel

Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers
Requirement A.1: Shared hosting providers must protect the cardholder data environment

Appendix B: Compensating Controls
Compensating controls may be considered for most PCI DSS requirements when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other, or compensating, controls. 
