pci_compliance
Differences
This shows you the differences between two versions of the page.
pci_compliance [2013/12/05 11:03 (10 years ago)] – cromo | pci_compliance [2022/04/12 10:52 (24 months ago)] (current) – anemenzo | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PCI Support Training | + | See: https:// |
- | //Windward Software Inc// | + | |
+ | ====== PCI ====== | ||
===== What is the difference between PCI Compliance and PA-DSS Validation? ===== | ===== What is the difference between PCI Compliance and PA-DSS Validation? ===== | ||
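Review bot: The added "See:" link on the first line sits above the top-level heading "====== PCI ======" and carries no label, so a reader cannot tell what it points to or why it precedes the page title. Move it below the heading and give it descriptive link text. The same hunk drops the "//Windward Software Inc//" attribution line; if the page is still vendor-specific guidance, keep that stated somewhere on the page.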
Line 17: | Line 18: | ||
===== The 12 Requirements of the PCI DSS ===== | ===== The 12 Requirements of the PCI DSS ===== | ||
+ | Outlined below are the 12 requirements for the PCI DSS. For more details, refer to this [[https:// | ||
- | **Build and Maintain a Secure Network**\\ | + | ^ Build and Maintain a Secure Network |
- | 1. Install and maintain a firewall configuration to protect data\\ | + | | 1. Install and maintain a firewall configuration to protect data | |
- | 2. Do not use vendor-supplied defaults for system passwords and other security parameters\\ | + | | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
- | + | ^ Protect Card holder Data ^ | |
- | **Protect Card holder Data**\\ | + | | 3. Protect Stored Data | |
- | 3. Protect Stored Data\\ | + | | 4. Encrypt transmission of card holder data and sensitive information across public networks |
- | 4. Encrypt transmission of card holder data and sensitive information across public networks\\ | + | ^ Maintain a Vulnerability Management Program |
- | + | | 5. Use and regularly update anti-virus software | |
- | **Maintain a Vulnerability Management Program**\\ | + | | 6. Develop and maintain secure systems and applications |
- | 5. Use and regularly update anti-virus software\\ | + | ^ Implement Strong Access Control Measures |
- | 6. Develop and maintain secure systems and applications\\ | + | | 7. Restrict access to data by business need-to-know |
- | + | | 8. Assign a unique Id to each person with computer access | |
- | **Implement Strong Access Control Measures**\\ | + | | 9. Restrict physical access to card holder data | |
- | 7. Restrict access to data by business need-to-know\\ | + | ^ Regularly Monitor and Test Networks |
- | 8. Assign a unique Id to each person with computer access\\ | + | | 10. Track and monitor all access to network resources and card holder data | |
- | 9. Restrict physical access to card holder data\\ | + | | 11. Regularly test security systems and processes\\ Maintain an Information Security Policy |
- | + | | 12. Maintain a policy that addresses information security | |
- | **Regularly Monitor and Test Networks**\\ | + | |
- | 10. Track and monitor all access to network resources and card holder data\\ | + | |
- | 11. Regularly test security systems and processes\\ | + | |
- | + | ||
- | **Maintain an Information Security Policy**\\ | + | |
- | 12. Maintain a policy that addresses information security\\ | + | |
===== Sensitive credit card data requires special handling ===== | ===== Sensitive credit card data requires special handling ===== | ||
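Review bot: In the new table, row 11 folds the next group name into its cell ("11. Regularly test security systems and processes\\ Maintain an Information Security Policy"), so the sixth group loses its header row and requirement 12 now reads as part of "Regularly Monitor and Test Networks". Put that text on its own header row using the "^ ... ^" form the other five groups use. While there, "Card holder" and "unique Id" could be normalised to "Cardholder" and "unique ID" across the table.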
Line 68: | Line 64: | ||
* Expiry date | * Expiry date | ||
* Card holder name | * Card holder name | ||
- | * Also user passwords must be encrypted. | + | * Also user passwords must be encrypted. |
+ | |||
+ | {{ : | ||
+ | //Note: The chip contains track equivalent data as well as other sensitive data, including the Integrated Circuit (IC) Chip Card Verification Value (also referred to Chip CVC, iCVV, CAV3 or iCSC).// \\ | ||
+ | source: [[https:// | ||
+ | |||
===== Set up Good Access Controls ===== | ===== Set up Good Access Controls ===== | ||
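Review bot: The touched bullet "Also user passwords must be encrypted." still sits at the end of the list of card data elements and does not say whether it means passwords in storage, in transit, or both; since this hunk edits the line anyway, move it out of the card data list and state the scope. In the added note, "(also referred to Chip CVC, iCVV, CAV3 or iCSC)" is missing "as" after "referred to".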
Line 166: | Line 167: | ||
* Debug logging should not be employed in a production environment. | * Debug logging should not be employed in a production environment. | ||
+ | ===== Links: ===== | ||
+ | |||
+ | * [[https:// |
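Review bot: The new heading "===== Links: =====" ends with a colon, which none of the other section headings visible in this diff do (for example "===== Set up Good Access Controls ====="). Drop the colon so the heading matches the rest of the page.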
pci_compliance.1386270206.txt.gz · Last modified: 2013/12/05 11:03 (10 years ago) by cromo