PCI compliance - The twelve PCI DSS standards
02/11/2008
What are the Payment Card Industry Data Security Standards?
The PCI DSS are twelve specific standards relating to network security and access control that must be adhered to.
These twelve specific standards (required for PCI compliance) are, briefly:
Maintain a Secure Network:
1. Protect all data by implementing a firewall on the network where the data resides.
2. Do not use ANY default passwords that come on any network devices.
Protection of Cardholder Data:
3. Protect all cardholder data.
4. Encrypt the transmission of all data that goes over public networks.
Maintain a vulnerability checking program:
5. Use and regularly update an anti-virus software program on all machines that have cardholder data.
6. Develop and maintain secure systems and applications.
Implementation of strong access control measures:
7. Restrict access to the data to specific people who “need to know”.
8. Every person who has a login to a system with data must have a unique “login”.
9. Physical access to the data must be restricted to people who “need to know”.
Regularly monitor and test the network:
10. Track and monitor all access to the systems that have the cardholder data
11. Regularly test the security of the network.
Maintain an Information Systems Security policy:
12. Maintain a policy that addresses all aspects of the network with regard to protecting cardholder data.