Aerosol

Payment Card Industry (PCI) Data Security Standard

Posted

Table of Contents (page numbers refer to the linked PDF)

Document Changes (p. 2)
Introduction and PCI Data Security Standard Overview (p. 5)
    PCI DSS Resources (p. 6)
PCI DSS Applicability Information (p. 7)
Relationship between PCI DSS and PA-DSS (p. 9)
    Applicability of PCI DSS to PA-DSS Applications (p. 9)
    Applicability of PCI DSS to Payment Application Vendors (p. 9)
Scope of PCI DSS Requirements (p. 10)
    Network Segmentation (p. 11)
    Wireless (p. 11)
    Use of Third-Party Service Providers / Outsourcing (p. 12)
Best Practices for Implementing PCI DSS into Business-as-Usual Processes (p. 13)
For Assessors: Sampling of Business Facilities/System Components (p. 15)
Compensating Controls (p. 16)
Instructions and Content for Report on Compliance (p. 17)
PCI DSS Assessment Process (p. 17)
Detailed PCI DSS Requirements and Security Assessment Procedures (p. 18)
    Build and Maintain a Secure Network and Systems (p. 19)
        Requirement 1: Install and maintain a firewall configuration to protect cardholder data (p. 19)
        Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters (p. 28)
    Protect Cardholder Data (p. 34)
        Requirement 3: Protect stored cardholder data (p. 34)
        Requirement 4: Encrypt transmission of cardholder data across open, public networks (p. 44)
    Maintain a Vulnerability Management Program (p. 46)
        Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs (p. 46)
        Requirement 6: Develop and maintain secure systems and applications (p. 49)
    Implement Strong Access Control Measures (p. 61)
        Requirement 7: Restrict access to cardholder data by business need to know (p. 61)
        Requirement 8: Identify and authenticate access to system components (p. 64)

Read more: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
