PCI DSS
Introduction
Last Updated: April 18, 2022

Payment Card Industry Data Security Standard (PCI DSS) is a data security standard created to reduce credit card fraud. It applies to all organizations that store, process, or transmit cardholder data. The purpose of PCI DSS is to protect cardholders from potential credit card fraud or data breaches during credit card transactions. This framework helps secure...
Build and Maintain a Secure Network and Systems
Requirement 1: Install and maintain a firewall configuration to protect cardholder data

The first step to creating a secure environment for storing data and information is installing a security mechanism. In this case, it is to establish a firewall configuration and test and protect it. 1.1 It includes establishing and implementing firewall and router configuration...
Protect Cardholder Data
Requirement 3: Protect stored cardholder data

Protecting the cardholder's information is one of the most critical tasks organizations should do. A sound data protection system is an essential part of proactive risk mitigation. The PCI DSS framework lists seven requirements and related test procedures to check. Some of the requirements include the instruction to have,...
Maintain a Vulnerability Management Program
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

The requirement for an effective anti-virus or malware protection mechanism is highlighted in this section. It also identifies the aspects of evaluating and maintaining the protection system. 5.1 Deployment of anti-virus software on all systems. 5.2 Ensuring that all anti-virus mechanisms...
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know

This requirement highlights the need for an access control mechanism for essential and sensitive data. 7.1 Access to system components and cardholder data should be limited to only those whose job involves such access. 7.2 An access control system must be established for...
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data

Regular audits of cardholder data and of the information security mechanism are an integral part of the organization's compliance tasks. Implementing automatic audit trails, keeping a record of all the relevant information, and protecting audit trails are some of the test...
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel

This last section, requirement 12, highlights the need for a solid policy framework to provide safety and security to the data protection mechanism in any organization. 12.1 A security policy should be well established, well published, and well maintained for effective results....
Download the framework
PCI DSS Framework Checklist

Reference: Payment Card Industry (PCI) Data Security Standard V3.2.1