Specialists in IT Security, System Migration, Wintel Design.


PCI Compliance - Top 25 Point PCI DSS Requirements


Section 1: Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

  • Configuration standards
  • Testing procedures
  • Network diagrams
  • Firewall and router configuration files or rule sets (access control lists)
    • with a documented business justification for every permitted service, protocol and port
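The rule-set review an assessor performs for Requirement 1 can be automated in part. The following is an added example, not code from the original page: it assumes a hypothetical CSV export of the rule set (columns name,action,src,dst,proto,port,justification), hypothetical cardholder data environment (CDE) subnets, and a constructed sample rule set; it flags allow rules with no business justification, any-source/any-port permits, direct inbound from the Internet to the CDE, and insecure services (FTP, telnet) that need a documented compensating control.

```python
"""Firewall rule-set review for Requirement 1: every permitted flow needs a business justification.

Added example, not code from the original page. It assumes a hypothetical CSV
export of the rule set (name,action,src,dst,proto,port,justification); real
firewalls export other formats, so only parse_rules() would change.
"""
import csv
import io
import ipaddress

# Constructed sample rule set using documentation address ranges (RFC 5737), not a real environment.
SAMPLE_RULES = """\
name,action,src,dst,proto,port,justification
web_in,allow,0.0.0.0/0,192.0.2.10/32,tcp,443,Customer checkout over HTTPS (CHG-1041)
db_from_app,allow,192.0.2.10/32,10.10.1.5/32,tcp,5432,Application tier to cardholder database
mgmt_any,allow,0.0.0.0/0,10.10.1.0/24,any,any,
legacy_ftp,allow,198.51.100.7/32,10.10.1.5/32,tcp,21,Nightly batch upload from acquirer
default_deny,deny,0.0.0.0/0,0.0.0.0/0,any,any,Deny all traffic not explicitly allowed
"""

# Hypothetical cardholder data environment (CDE) subnets for this example.
CDE_NETWORKS = [ipaddress.ip_network("10.10.1.0/24")]

# Services that PCI DSS requires to be justified with compensating controls when allowed.
INSECURE_SERVICES = {("tcp", "21"): "FTP", ("tcp", "23"): "telnet"}


def parse_rules(text):
    """Parse the CSV export into one dict per rule."""
    return list(csv.DictReader(io.StringIO(text)))


def in_cde(cidr):
    """True if the address or network lies inside a CDE subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(cde) for cde in CDE_NETWORKS)


def review_rules(rules):
    """Return (rule name, finding) pairs for every allow rule an assessor would reject."""
    findings = []
    for r in rules:
        if r["action"].lower() != "allow":
            continue  # the default-deny rule needs no business justification
        if not r["justification"].strip():
            findings.append((r["name"], "no business justification documented"))
        if r["src"] == "0.0.0.0/0" and r["port"] == "any":
            findings.append((r["name"], "any-source, any-port permit defeats default deny"))
        if r["src"] == "0.0.0.0/0" and in_cde(r["dst"]):
            findings.append((r["name"], "direct inbound access from the Internet to the CDE"))
        service = INSECURE_SERVICES.get((r["proto"].lower(), r["port"]))
        if service:
            findings.append((r["name"], f"{service} permitted; needs a documented compensating control"))
    return findings


if __name__ == "__main__":
    for name, finding in review_rules(parse_rules(SAMPLE_RULES)):
        print(f"{name}: {finding}")
```

Run against the constructed rule set, the script rejects mgmt_any three times (no justification, any/any, Internet straight into the CDE) and legacy_ftp once; the HTTPS and database rules pass because each names a source, a port and a reason. The checks are deliberately plain so they can be re-run before every firewall change rather than only at assessment time.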

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

  • System hardening guides or configuration standards
    • covering databases, applications, servers, workstations and routers

Section 2: Protect Cardholder Data

Requirement 3: Protect stored cardholder data

  • Inventory of the databases, logs and file servers that hold cardholder data (what is stored, in what form and for how long)
  • Data Retention & Disposal Policy
  • Credit Card Handling Policy
  • Encryption Policy (how stored PANs are rendered unreadable)
  • Authorized custodian access list
  • Encryption Key Management Policy and procedures

Requirement 4: Encrypt transmission of cardholder data across open, public networks

  • Wireless Policy & Configuration Guide (strong encryption on any wireless network carrying cardholder data)
  • Email Policy (no unprotected PANs sent by email or other end-user messaging)
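Both the Requirement 3 inventory (where cardholder data actually sits in databases, logs and file servers) and the Requirement 4 email policy (no unprotected PANs in end-user messaging) start with the same task: finding live card numbers in text. The following is an added example, not code from the original page: it scans constructed sample log lines for 13-19 digit sequences, keeps only those that pass the Luhn check so that order IDs and phone numbers are not reported, and masks each hit to first six / last four so the report itself does not become cardholder data. The sample lines and the two well-known test card numbers in them are constructed for the example.

```python
"""Find live PANs in logs, files and outbound mail: Requirements 3 (stored) and 4.2 (end-user messaging).

Added example, not code from the original page. It scans text for 13-19 digit
sequences, keeps only those that pass the Luhn check, and reports them masked
to first six / last four so the report itself is not cardholder data.
"""
import re

# Digit runs of 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample log; the two card numbers are well-known test PANs, not real cards.
SAMPLE_LOG = """\
2024-03-02T10:14:07Z checkout INFO order=1234567890123456 amount=49.90 status=approved
2024-03-02T10:14:09Z checkout DEBUG gateway request card=4111111111111111 exp=12/26
2024-03-02T10:15:31Z support INFO ticket 88213 customer phone 01632960123
2024-03-02T10:16:02Z mail OUT to=refunds@example.com body="please refund 5555 5555 5555 4444 asap"
2024-03-02T10:16:40Z checkout INFO token=tok_4111111111111112 masked=411111******1111
"""


def luhn_ok(digits):
    """Luhn (mod 10) check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """PCI DSS 3.3 style display: at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text):
    """Return (line number, masked PAN) for each Luhn-valid PAN in the text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                hits.append((lineno, mask(digits)))
    return hits


def redact(text):
    """Replace every Luhn-valid PAN in the text with its masked form; anything else is untouched."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group())
        return mask(digits) if luhn_ok(digits) else m.group()
    return PAN_CANDIDATE.sub(repl, text)


if __name__ == "__main__":
    for lineno, masked in find_pans(SAMPLE_LOG):
        print(f"line {lineno}: {masked}")
```

On the sample, only line 2 (a debug log writing the full card number) and line 4 (a PAN typed into an outbound email) are reported; the 16-digit order ID on line 1 fails the Luhn check and the already-masked value on line 5 is never a candidate. redact() is the companion for the Requirement 3 retention policy: it scrubs the same hits from a log before it is kept or shipped elsewhere.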

Section 3: Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

  • Antivirus Policy
  • Malicious Software Policy
  • Workstation and server AV configuration files (showing automatic signature updates and that users cannot disable protection)

Requirement 6: Develop and maintain secure systems and applications

  • SDLC manual, or design/development operations manual, showing security built into each phase
  • Application layer penetration test / web application assessment reports
  • Change Management Policy and Procedure

Section 4: Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

  • Access control Policy
  • VPN Access Request Forms
  • User Account Administration Policy

Requirement 8: Assign a unique ID to each person with computer access

  • User Account Administration Policy
  • Access Request/Modification Forms
  • Password Reset procedure
  • Password Policy

Requirement 9: Restrict physical access to cardholder data

  • Media destruction and distribution Policy
  • Data classification Policy
  • Media Storage and Distribution Policy
  • Badge granting procedures

Section 5: Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

  • Network Time Protocol (NTP) configuration
  • File Integrity Monitoring Policy and Procedures
  • Periodic operations checklist
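The File Integrity Monitoring evidence for Requirement 10 is a baseline of critical files plus a record of what changed and whether each change was authorised. The following is an added example, not code from the original page: it hashes every file under a directory to form a baseline, diffs a later snapshot into added, removed and modified files, and runs a constructed scenario in a temporary directory (a modified payment library, an added config file, a deleted README) to show the report it produces. A production FIM would also record owner and permission bits and raise an alert; that part is not shown here.

```python
"""Minimal file-integrity baseline and comparison for Requirement 10 / 11.5 evidence.

Added example, not code from the original page. The demo() scenario uses a
temporary directory with constructed files; no real system paths are touched.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative path: sha256 hex} for every regular file under root."""
    root = Path(root)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h = hashlib.sha256()
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[p.relative_to(root).as_posix()] = h.hexdigest()
    return result


def compare(baseline, current):
    """Diff two snapshots; every entry returned must be matched to an approved change."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake web root, then change it in three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "conf" / "httpd.conf").write_text("Listen 443\n")
        (root / "bin").mkdir()
        (root / "bin" / "payment.so").write_bytes(b"\x7fELF original")
        (root / "README").write_text("web root\n")
        baseline = snapshot(root)

        # Unauthorised changes a FIM run should surface.
        (root / "bin" / "payment.so").write_bytes(b"\x7fELF tampered")
        (root / "conf" / "local.conf").write_text("Include extra.conf\n")
        (root / "README").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline dictionary is the artefact to keep with the Requirement 10 evidence (stored off the monitored host, ideally signed), and each diff entry should be reconcilable against the Change Management records listed under Requirement 6; an unexplained entry is a Requirement 10 incident, not a housekeeping note.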

Requirement 11: Regularly test security systems and processes

  • Incident response plan
  • Previous four external quarterly ASV scan reports (passing, or with rescans showing remediation)
  • Internal quarterly vulnerability scan reports

Section 6: Maintain an Information Security Policy

Requirement 12: Maintain a Policy that addresses information security

  • Risk assessment documentation
  • Information Security Policy & Program
  • Vendor Management Program
  • Acceptable Use Policy
  • Access Control Policy
  • Security Incident Handling and Reporting Policy
  • Information Security Training Materials
  • Background check form
  • HR Employee Checklists

If you require assistance to meet the PCI required standards please do not hesitate to contact us: enquiries@supportspread.co.uk