PCI standard requirements

PCI standard requirements - compiled by Chirag Patel December 27, 2008

The Payment Card Industry (PCI) Data Security Standard (DSS) includes the following basic requirements:

- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.

(Ref: WEBSITE magazine November, 2008)

Posted under Infrastructure

This post was written by Chirag on December 28, 2008
