Goals of PCI Compliance

PCI DSS is the roadmap to follow to become PCI compliant.

• Build and maintain a secure network and systems

  • Requirement 1
    • Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2
    • Do not use vendor-supplied defaults for system passwords and other security parameters

• Protect cardholder data

  • Requirement 3
    • Protect stored cardholder data
  • Requirement 4
    • Encrypt transmission of cardholder data across open, public networks

• Maintain a vulnerability management program

  • Requirement 5
    • Protect all systems against malware and regularly update anti-virus software or programs
  • Requirement 6
    • Develop and maintain secure systems and applications

• Implement strong access control measures

  • Requirement 7
    • Restrict access to cardholder data by business need to know
  • Requirement 8
    • Identify and authenticate access to system components
  • Requirement 9
    • Restrict physical access to cardholder data

• Regularly monitor and test networks

  • Requirement 10
    • Track and monitor all access to network resources and cardholder data
  • Requirement 11
    • Regularly test security systems and processes

• Maintain an information security policy

  • Requirement 12
    • Maintain a policy that addresses information security for all personnel