PCI DSS Control Objectives

Payment Card Industry Data Security Standard has six control objectives and 12 requirements:

1. Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

3. Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks
Requirement 10:Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

6. Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

Leave a Reply