Infosec-Related Regs

PCI Data Security Standard <<previous|next>> :Checklist for meeting the PCI Data Security Standard

Information Security maga:

PCI Data Security Standard: 12-step program for compliance

Unlike some government regulations, the PCI Data Security Standard is praised for its clarity. Here are the 12 basic requirements.

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt the transmission of cardholder data and sensitive information across public networks.
  5. Use and regularly update antivirus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

08 Jun 2006