PCI DSS Requirements Overview
PCI REQUIREMENT 1: PROTECT YOUR SYSTEM WITH FIREWALLS
- Install a hardware and software firewall
- Tune the firewall configuration for your system
- Have strict firewall rules
PCI REQUIREMENT 2: USE ADEQUATE CONFIGURATION STANDARDS
- Avoid using default passwords
- Harden your systems
- Implement system configuration management
PCI REQUIREMENT 3: PROTECT STORED DATA
- Encrypt stored card data
- Find where card data is held
- Create a cardholder data flow diagram
PCI REQUIREMENT 4: SECURE DATA OVER OPEN AND PUBLIC NETWORKS
- Know where data is transmitted and received
- Encrypt all transmitted cardholder data
- Stop using SSL and early TLS
PCI REQUIREMENT 5: PROTECT SYSTEMS WITH ANTI-VIRUS
- Create a vulnerability management plan
- Regularly update anti-virus
- Maintain an up-to-date anti-malware program
PCI REQUIREMENT 6: UPDATE YOUR SYSTEMS
- Consistently update your systems
- Patch all critical systems and software
- Establish software development processes
PCI REQUIREMENT 7: RESTRICT ACCESS
- Restrict access to cardholder data
- Document who has access to the card data environment
- Establish an access control system
PCI REQUIREMENT 8: USE UNIQUE ID CREDENTIALS
- Use unique ID credentials for every employee
- Change ID credentials
- Configure multi-factor authentication
PCI REQUIREMENT 9: ENSURE PHYSICAL SECURITY
- Control physical access at your workplace
- Keep track of POS terminals
- Train your employees often
PCI REQUIREMENT 10: IMPLEMENT LOGGING AND LOG MONITORING
- Implement logging and alerting
- Establish log management
- Define rules for the log management system
PCI REQUIREMENT 11: CONDUCT VULNERABILITY SCANS AND PENETRATION TESTING
- Know your environment
- Run vulnerability scans quarterly
- Conduct a penetration test
PCI REQUIREMENT 12: START DOCUMENTATION AND RISK ASSESSMENTS
- Document everything
- Implement a risk assessment process
- Create an incident response plan