PCI DSS (Payment Card Industry Data Security Standard) is an industry mandate. If your enterprise accepts credit card payments or handles payment card data, it must comply with PCI DSS.
Here are the 12 key requirements set by PCI DSS:
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
Here’s a quick tip: requirements 1, 2, 3, 4, 6, 8 and 10 can be greatly simplified by hosting your CDE (cardholder data environment) on a public cloud provider like AWS or Oracle Cloud. Moreover, if your PCI environment is 100% contained within AWS or OCI, you can mark Requirement 9 as not applicable!
Follow me on LinkedIn to learn more about how to simplify PCI compliance.