PCI DSS has 6 goals, and 12 requirements to meet those 6 goals.
Goal 1: Build and Maintain a Secure Network and Systems
Req 1: Install and maintain a firewall configuration to protect cardholder data
Req 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Goal 2: Protect cardholder data
Req 3: Protect stored cardholder data
Req 4: Encrypt transmission of cardholder data across open, public networks
Goal 3: Maintain a Vulnerability Management Programme
Req 5: Protect all systems against malware and regularly update anti-virus software or programs
Req 6: Develop and maintain secure systems and applications
Goal 4: Implement Strong Access Control Measures
Req 7: Restrict access to cardholder data by business need-to-know
Req 8: Identify and authenticate access to system components
Req 9: Restrict physical access to cardholder data
Goal 5: Regularly Monitor and Test Networks
Req 10: Track and monitor all access to network resources and cardholder data
Req 11: Regularly test security systems and processes
Goal 6: Maintain an Information Security Policy
Req 12: Maintain a policy that addresses Information Security for all personnel