Chapter 7: PCI DSS – The Standard

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

CHAPTER 7: PCI DSS – THE STANDARD

The PCI DSS has 12 requirements, organised into six sections. Please note that this pocket guide is no substitute for obtaining your own copy of the Standard, which is freely downloadable from www.pcisecuritystandards.org/security_standards/documents.php.

PCI DSS version 1.0 was originally published in January 2005, with subsequent updates to version 1.1 in September 2006 and version 1.2 in October 2008. PCI DSS v2.0 was released on 28 October 2010, and most recently v3.0 was published on 7 November 2013.

With the release of PCI DSS v2.0, the PCI Security Standards Council introduced a new three-year lifecycle for standards development. This ensures a gradual and phased introduction of new versions, and helps to prevent organisations from becoming non-compliant when a new Standard is published.

Version 3.0 of PCI DSS introduces more flexibility in implementing the requirements, and increases the focus on education, awareness and security as a shared responsibility.

The 12 PCI DSS requirements, and the six principles in which those requirements are grouped, are as follows:

Build and maintain a secure network and systems

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data

Requirement 3: Protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a vulnerability management programme

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.

Requirement 6: Develop and maintain secure systems and applications.

Implement strong access control measures

Requirement 7: Restrict access to cardholder data by business need-to-know.

Requirement 8: Identify and authenticate access to system components.

Requirement 9: Restrict physical access to cardholder data.

Regularly monitor and test networks

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.

Maintain an information security policy

Requirement 12: Maintain a policy that addresses information security for all personnel.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 7: PCI DSS – The Standard

Create new playlist

Sign In

Sign Up