PCI-DSS Security Framework
The PCI DSS provides a framework for developing an account data security process that covers the prevention and detection of, and the response to, security incidents. Below we outline its 6 control objectives and the 12 requirements for implementing them.
The 6 control objectives are:
- Build and Maintain a Secure Network
- Implement Strong Access Control Measures
- Maintain a Vulnerability Management Program
- Protect Cardholder Data
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The 12 requirements for technology implementations are:
- Install and maintain a secure firewall and firewall policy configuration to protect data.
- Change vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.