Requirements of PCI DSS
PCI DSS is comprised of 12 core requirements that have to be met for an organisation to attain compliance.
Build and maintain a secure network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management programme
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement strong access control measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly monitor and test networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an information security policy
- Requirement 12: Maintain a policy that addresses information security
Talk to the team
Copyright © 2013 Deloitte. A member of Deloitte Touche Tohmatsu Limited. All rights reserved.