PCI compliance - The twelve PCI DSS standards

02/11/2008

What are the Payment Card Industry Data Security Standards?

The PCI DSS consists of twelve specific standards relating to network security and access control that must be adhered to.

These twelve standards (required for PCI compliance) are, briefly:

Maintain a Secure Network:

1. Protect all cardholder data by implementing a firewall on the network where the data resides.

2. Do not use ANY default passwords that come supplied on any network devices.

Protection of Cardholder Data:

3. Protect all cardholder data.

4. Encrypt the transmission of all cardholder data that travels over public networks.

Maintain a vulnerability checking program:

5. Use and regularly update anti-virus software on all machines that handle cardholder data.

6. Develop and maintain secure systems and applications.

Implementation of strong access control measures:

7. Restrict access to cardholder data to the specific people who “need to know”.

8. Every person who has a login to a system holding cardholder data must have their own unique login ID.

9. Physical access to cardholder data must be restricted to the people who “need to know”.

Regularly monitor and test the network:

10. Track and monitor all access to the systems that hold cardholder data.

11. Regularly test the security of the network.

Maintain an Information Systems Security policy:

12. Maintain a policy that addresses all aspects of the network with regard to protecting cardholder data.
