...
PCI DSS is divided into 6 areas with 12 requirements.
| Area | Requirement | Responsible Party |
|---|---|---|
| Build and maintain a secure network and systems | Install and maintain a firewall configuration to protect cardholder data. | N/A - SPU does not allow unencrypted cardholder data to traverse the SPU network. |
| | Do not use vendor-supplied defaults for system passwords and other security parameters. | SPU merchant |
| Protect cardholder data | Protect stored cardholder data. | SPU merchant |
| | Encrypt transmission of cardholder data across open, public networks. | SPU merchant, by using existing Payment Gateway Service Providers or P2PE hardware solutions. |
| Maintain a vulnerability management program | Protect all systems against malware and regularly update anti-virus software or programs. | CIS |
| | Develop and maintain secure systems and applications. | CIS |
| Implement strong access control measures | Restrict access to cardholder data by business need-to-know. | SPU merchant |
| | Identify and authenticate access to system components. | CIS / SPU merchant |
| | Restrict physical access to cardholder data. | SPU merchant |
| Regularly monitor and test networks | Track and monitor all access to network resources and cardholder data. | SPU merchant / CIS |
| | Regularly test security systems and processes. | CIS |
| Maintain an information security policy | Maintain a policy that addresses information security for all personnel. | CIS |
Key Roles and Responsibilities in PCI Compliance
...