Six control objectives of PCI DSS


Payment Card Industry - Data Security Standards (PCI-DSS) is a set of standard for any company that stores, processes, or transmits cardholder data from VISA, Master Cards to American Express. Here's a six control objectives of PCI DSS, much more simpler than 34 control objectives at COBIT.

1. Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

3. Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-toknow
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks
Requirement 10:Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

6. Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security


Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Facebook
  • Google
  • Yahoo
  • Technorati
  • Icerocket

Trackback URL for this post:

http://www.securityprocedure.com/trackback/126

User login

Who's online

There are currently 0 users and 7 guests online.