Net-Cat Wales, Experts in IT Security, Network Installations, Computer Deployments and Managed
PCI Compliance - Top 25 Point PCI DSS Requirements

Section 1: Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Configuration standards
• Testing procedures
• Network diagrams
• Configuration files or rule sets (access control lists)
    • Include business justifications

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• System hardening guides or configuration standards
    • Include databases, applications, servers, workstations and routers

Section 2: Protect Cardholder Data

Requirement 3: Protect stored cardholder data
• Databases, logs and file servers used for cardholder data storage
• Data Retention & Disposal Policy
• Credit Card Handling Policy
• Encryption Policy
• Authorised custodian access list
• Encryption Key Management Policy and procedures
• Wireless Policy & Configuration Guide
• Email Policy

Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Workstation and server AV configuration files
• Internal vulnerability scans

Section 3: Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
• Antivirus Policy
• Malicious Software Policy

Requirement 6: Develop and maintain secure systems and applications
• SDLC manual or Design/Development Operations Manual
• Application layer penetration test/web application assessment
• Change Management Policy and Procedure

Section 4: Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
• Access Control Policy
• VPN Access Request Forms
• User Account Administration Policy

Requirement 8: Assign a unique ID to each person with computer access
• User Account Administration Policy
• Access Request/Modification Forms
• Password Reset Procedure
• Password Policy

Requirement 9: Restrict physical access to cardholder data
• Media Destruction and Distribution Policy
• Data Classification Policy
• Media Storage and Distribution Policy
• Badge granting procedures

Section 5: Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
• Network Time Protocol (NTP) configuration
• File Integrity Monitoring Policy and Procedures
• Periodic operations checklist

Requirement 11: Regularly test security systems and processes
• Incident response plan
• Reports from the previous four quarterly external ASV scans

Section 6: Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security
• Risk assessment documentation
• Information Security Policy & Program
• Vendor Management Program
• Acceptable Use Policy
• Access Control Policy
• Security Incident Handling and Reporting Policy
• Information Security Training Materials
• Background check form
• HR employee checklists

If you require assistance in meeting the PCI DSS requirements, please do not hesitate to contact us: enquiries@supportspread.co.uk