...

PCI DSS is organised into six control objectives (areas), which together cover its 12 numbered requirements. The table below lists each requirement under its area and names the party responsible for it at SPU.

| Area | Requirement | Responsible party |
|------|-------------|-------------------|
| Build and maintain a secure network and systems | 1. Install and maintain a firewall configuration to protect cardholder data. | N/A - SPU does not allow unencrypted cardholder data to traverse the SPU network. |
| Build and maintain a secure network and systems | 2. Do not use vendor-supplied defaults for system passwords and other security parameters. | SPU merchant |
| Protect cardholder data | 3. Protect stored cardholder data. | SPU merchant |
| Protect cardholder data | 4. Encrypt transmission of cardholder data across open, public networks. | SPU merchant, by using existing payment gateway service providers or P2PE hardware solutions. |
| Maintain a vulnerability management program | 5. Protect all systems against malware and regularly update anti-virus software or programs. | CIS |
| Maintain a vulnerability management program | 6. Develop and maintain secure systems and applications. | CIS |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need-to-know. | SPU merchant |
| Implement strong access control measures | 8. Identify and authenticate access to system components. | CIS / SPU merchant |
| Implement strong access control measures | 9. Restrict physical access to cardholder data. | SPU merchant |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data. | SPU merchant / CIS |
| Regularly monitor and test networks | 11. Regularly test security systems and processes. | CIS |
| Maintain an information security policy | 12. Maintain a policy that addresses information security for all personnel. | CIS |

The N/A for Requirement 1 rests on the statement that unencrypted cardholder data never traverses the SPU network. PCI DSS scope follows the data: if a merchant system were to store, process, or transmit cardholder data in the clear, Requirement 1 would apply to that system and its network segment.

Key Roles and Responsibilities in PCI Compliance

...