Site Data Protection and PCI


The PCI Data Security Standard

As mentioned, the PCI DSS comprises the technical and operational requirements established by the PCI Security Standards Council (PCI SSC) to protect cardholder data and to prevent, detect, and respond to potential account data compromise. The PCI DSS applies to any entity that stores, processes, or transmits cardholder data. The standard contains over 250 sub-requirements, which are grouped at a high level into six goals and 12 main requirements.

Six Goals, 12 Requirements

Goal: Build and Maintain a Secure Network
  1: Install and maintain a firewall configuration to protect cardholder data
  2: Do not use vendor-supplied defaults for system passwords and other security parameters

Goal: Protect Cardholder Data
  3: Protect stored cardholder data
  4: Encrypt transmission of cardholder data across open, public networks

Goal: Maintain a Vulnerability Management Program
  5: Use and regularly update anti-virus software
  6: Develop and maintain secure systems and applications

Goal: Implement Strong Access Control Measures
  7: Restrict access to cardholder data by business need-to-know
  8: Assign a unique ID to each person with computer access
  9: Restrict physical access to cardholder data

Goal: Regularly Monitor and Test Networks
  10: Track and monitor all access to network resources and cardholder data
  11: Regularly test security systems and processes

Goal: Maintain an Information Security Policy
  12: Maintain a policy that addresses information security
