pci_compliance

Differences

This shows you the differences between two versions of the page.

pci_compliance [2013/12/05 11:03 (10 years ago)] cromo
pci_compliance [2022/04/12 10:52 (24 months ago)] (current) anemenzo
Line 1: Line 1:
-====== PCI Support Training ====== +See: https://newaccount1608055419986.freshdesk.com/a/solutions/articles/66000503375 
-//Windward Software Inc//+ 
 +====== PCI ======
  
 ===== What is the difference between PCI Compliance and PA-DSS Validation? ===== ===== What is the difference between PCI Compliance and PA-DSS Validation? =====
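Review bot: The added first line, "See: https://newaccount1608055419986.freshdesk.com/a/solutions/articles/66000503375", is a bare URL placed above the page title, with no label saying what the article is or whether it supersedes this page. Move it under "====== PCI ======" and give it a descriptive link title in the [[url|title]] form the rest of the page uses. The subdomain looks like an auto-generated account name, so confirm that the link is reachable by the readers of this wiki. The same change drops the "Windward Software Inc" attribution line; if the ownership statement still matters, keep it.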
Line 17: Line 18:
 ===== The 12 Requirements of the PCI DSS ===== ===== The 12 Requirements of the PCI DSS =====
  
 +Outlined below are the 12 requirements for the PCI DSS. For more details, refer to this [[https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf|link]]
  
-**Build and Maintain a Secure Network**\\ +Build and Maintain a Secure Network ^ 
-1. Install and maintain a firewall configuration to protect data\\ +1. Install and maintain a firewall configuration to protect data | 
-2. Do not use vendor-supplied defaults for system passwords and other security parameters\\ +2. Do not use vendor-supplied defaults for system passwords and other security parameters | 
-    +Protect Card holder Data ^ 
-**Protect Card holder Data**\\ +3. Protect Stored Data | 
-3. Protect Stored Data\\ +4. Encrypt transmission of card holder data and sensitive information across public networks | 
-4. Encrypt transmission of card holder data and sensitive information across public networks\\ +Maintain a Vulnerability Management Program ^ 
- +5. Use and regularly update anti-virus software | 
-**Maintain a Vulnerability Management Program**\\ +6. Develop and maintain secure systems and applications | 
-5. Use and regularly update anti-virus software\\ +Implement Strong Access Control Measures ^ 
-6. Develop and maintain secure systems and applications\\ +7. Restrict access to data by business need-to-know | 
- +8. Assign a unique Id to each person with computer access | 
-**Implement Strong Access Control Measures**\\ +9. Restrict physical access to card holder data | 
-7. Restrict access to data by business need-to-know\\ +Regularly Monitor and Test Networks ^ 
-8. Assign a unique Id to each person with computer access\\ +10. Track and monitor all access to network resources and card holder data | 
-9. Restrict physical access to card holder data\\ +11. Regularly test security systems and processes\\ Maintain an Information Security Policy | 
- +12. Maintain a policy that addresses information security |
-**Regularly Monitor and Test Networks**\\ +
-10. Track and monitor all access to network resources and card holder data\\ +
-11. Regularly test security systems and processes\\ +
- +
-**Maintain an Information Security Policy**\\ +
-12. Maintain a policy that addresses information security\\+
  
 ===== Sensitive credit card data requires special handling ===== ===== Sensitive credit card data requires special handling =====
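Review bot: In the added table, the row "11. Regularly test security systems and processes\\ Maintain an Information Security Policy |" fuses the sixth group heading into requirement 11 and leaves a stray "\\" behind. Every other group heading gets its own row ending in "^", so "Maintain an Information Security Policy" should be a separate "^" row between requirements 11 and 12. The new introductory sentence also lacks a closing period and labels its target only as "link"; name the document in the link title, and since the filename is navigating_dss_v20.pdf and this revision is dated 2022, confirm that this is the version of the standard the page means to describe.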
Line 68: Line 64:
   * Expiry date   * Expiry date
   * Card holder name   * Card holder name
-  * Also user passwords must be encrypted.  +  * Also user passwords must be encrypted. 
 + 
 +{{ :cardholder_data.png?direct&1000 |}} 
 +//Note: The chip contains track equivalent data as well as other sensitive data, including the Integrated Circuit (IC) Chip Card Verification Value (also referred to Chip CVC, iCVV, CAV3 or iCSC).// \\ 
 +source: [[https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf|Page 8]] 
 +  
  
 ===== Set up Good Access Controls ===== ===== Set up Good Access Controls =====
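Review bot: The bullet "* Also user passwords must be encrypted." is touched here only for trailing whitespace and still sits inside the list of cardholder data elements, directly after "Expiry date" and "Card holder name", where it reads as one more card field. Move it out of the list into its own sentence. In the added note, "also referred to Chip CVC" is missing "as", and the image markup "{{ :cardholder_data.png?direct&1000 |}}" has an empty title, so the figure has no caption or alternative text. The source line is labelled only "Page 8"; name the document in the link title.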
Line 166: Line 167:
   * Debug logging should not be employed in a production environment.   * Debug logging should not be employed in a production environment.
  
 +===== Links: =====
 +
 +  * [[https://www.pcisecuritystandards.org/security_standards/glossary.php| Glossary of Terms]]
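Review bot: The added heading "===== Links: =====" ends in a colon, which none of the other headings in this diff do, and the link title " Glossary of Terms" starts with a stray space. With only the glossary listed, the section omits the navigating_dss_v20.pdf document this revision links twice elsewhere; list it here as well so the references are in one place.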
pci_compliance.1386270206.txt.gz · Last modified: 2013/12/05 11:03 (10 years ago) by cromo