The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called “control objectives”.
Each version of PCI DSS has divided these twelve requirements into sub-requirements differently, but the twelve high-level requirements themselves have not changed since the standard was first published.
| Control objectives | PCI DSS requirements |
|---|---|
| Build and maintain a secure network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect cardholder data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a vulnerability management program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware |
| | 6. Develop and maintain secure systems and applications |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an information security policy | 12. Maintain a policy that addresses information security |
To find out more and organise a survey, please contact our IT Sales Team on 0345 450 9393 opt 1. Don’t leave it to chance…