Definition

PCI DSS Requirements Fast Guide

Part of the Data and data management glossary:

In 2004, the Payment Card Industry Security Standards Council created 6 control objectives and 12 specific requirements for protecting credit card data. Collectively, the control objectives and specific requirements are known as PCI DSS.  All major credit card companies have mandated that members, merchants and service providers who store, process or transmit cardholder data must demonstrate how they follow the requirements.  Failure to do so may result in fines or termination of credit card processing privileges.

Next Steps

Build and maintain a secure network

 Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data

 Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

 Requirement 5: Use and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications

Implement strong access control measures

 Requirement 7: Restrict access to cardholder data by business need-to-know
  Requirement 8: Assign a unique ID to each person with computer access
  Requirement 9: Restrict physical access to cardholder data

Regularly monitor and test networks

 Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes

Maintain an information security policy

 Requirement 12: Maintain a policy that addresses information security

 

Continue reading about PCI DSS compliance:

The PCI DSS Security Standards Council provides a deeper explanation of each requirement.

Video guide: PCI DSS and the 12 Requirements

Guide to passing PCI's five toughest requirements

This was last updated in March 2012
Posted by: Margaret Rouse

Related Terms

Definitions

  • data hygiene

    - Data hygiene is the collective processes conducted to ensure the cleanliness of data. Data is considered clean if it is relatively error-free. Dirty data can be caused by a number of factors includ... (WhatIs.com)

  • Amazon RedShift

    - Amazon RedShift is a fully managed petabyte-scale data warehouse service. RedShift is designed for analytic workloads and connects to standard SQL-based clients and business intelligence tools. (WhatIs.com)

  • erasure coding

    - Erasure coding (EC) is a method of data protection in which data is broken into fragments, expanded and encoded with redundant data pieces, and stored across a set of different locations, such as d... (SearchStorage.com)

Glossaries

  • Data and data management

    - Terms related to data, including definitions about data warehousing and words and phrases about data management.

  • Fast references

    - Fast References and Quick Look-Ups for specific information technology (IT) topics.

  • Business terms

    - Terms related to business, including definitions about project management and words and phrases about human resources, finance and vertical industries.

Dig Deeper

Fast References

People Who Read This Also Read...

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top