Payment Card Industry Data Security Standard (PCI DSS) is a global security standard that sets the minimum requirements for protecting payment card data. It is a widely accepted set of policies and procedures that provides an actionable framework for building a robust payment card data security process, covering prevention, detection, and appropriate response to security incidents. Also known as PCI assessment.
Looking for PCI assessment for your card data environment?
PCI assessment outlines 12 requirements that the major credit card companies consider data security best practice for processing sensitive payment information; these are grouped into six sections.
Businesses are considered compliant with PCI DSS by implementing tighter controls over the storage, transmission and processing of cardholder data, and by maintaining sufficient monitoring, testing and yearly reporting of the results.
Build and Maintain a Secure Network and Systems
- Install and proactively maintain firewall configurations to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- Protect stored cardholder data.
- Encrypt cardholder data transmitted across open, public networks.
Maintain a Vulnerability Management Program
- Protect all systems against malware and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to cardholder data to those with a business need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel.
Penetration Testing
- Perform internal penetration testing on the CDE.
- Correct exploitable vulnerabilities identified during penetration testing.
Web applications play a vital role in business processes.