The Twelve Requirements of PCI DSS
This chapter provides an overview of the twelve requirements mandated by PCI DSS, which together ensure that organizations handling cardholder data maintain a secure environment.
These are the twelve high-level requirements that organizations must comply with to achieve PCI DSS compliance.
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data to business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Common Security Measures
To achieve PCI DSS compliance, organizations must implement a variety of security measures. Here are some common security measures that businesses often adopt to meet the requirements:
- Firewalls and Intrusion Detection Systems (IDS)
- Data Encryption Techniques
- Multi-Factor Authentication (MFA)
- Regular Security Audits and Penetration Testing
- Security Incident Response Plans
Safeguard Your Organization with PCI DSS Training
Helping more than 8,000 organizations create a safer, more inclusive company culture.
The goal of this training is to educate employers and employees on their rights and responsibilities when it comes to PCI DSS in the workplace. This course covers: