Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 1.2.1 July 2009
Document Changes

Date | Version | Description | Pages
October 2008 | 1.2 | To introduce PCI DSS v1.2 as “PCI DSS Requirements and Security Assessment Procedures,” eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For complete information, see PCI Data Security Standard Summary of Changes from PCI DSS Version 1.1 to 1.2. |
July 2009 | 1.2.1 | Add sentence that was incorrectly deleted between PCI DSS v1.1 and v1.2. | 5
July 2009 | 1.2.1 | Correct “then” to “than” in testing procedures 6.3.7.a and 6.3.7.b. | 32
July 2009 | 1.2.1 | Remove grayed-out marking for “in place” and “not in place” columns in testing procedure 6.5.b. | 33
July 2009 | 1.2.1 | For Compensating Controls Worksheet – Completed Example, correct wording at top of page to say “Use this worksheet to define compensating controls for any requirement noted as ‘in place’ via compensating controls.” | 64

PCI DSS Requirements and Security Assessment Procedures, v1.2.1 July 2009 Copyright 2008 PCI Security Standards Council LLC Page 1
Table of Contents

Document Changes ... 1
Introduction and PCI Data Security Standard Overview ... 4
PCI DSS Applicability Information ... 5
Scope of Assessment for Compliance with PCI DSS Requirements ... 6
    Network Segmentation ... 6
    Wireless ... 7
    Third Parties/Outsourcing ... 7
    Sampling of Business Facilities and System Components ... 7
    Compensating Controls ... 8
Instructions and Content for Report on Compliance ... 9
    Report Content and Format ... 9
    Revalidation of Open Items ... 12
    PCI DSS Compliance – Completion Steps ... 12
Detailed PCI DSS Requirements and Security Assessment Procedures ... 13
    Build and Maintain a Secure Network ... 14
        Requirement 1: Install and maintain a firewall configuration to protect cardholder data ... 14
        Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters ... 18
    Protect Cardholder Data ... 21
        Requirement 3: Protect stored cardholder data ... 21
        Requirement 4: Encrypt transmission of cardholder data across open, public networks ... 27
    Maintain a Vulnerability Management Program ... 29
        Requirement 5: Use and regularly update anti-virus software or programs ... 29
        Requirement 6: Develop and maintain secure systems and applications ... 30
    Implement Strong Access Control Measures ... 36
        Requirement 7: Restrict access to cardholder data by business need to know ... 36
        Requirement 8: Assign a unique ID to each person with computer access ... 38
        Requirement 9: Restrict physical access to cardholder data ... 43
    Regularly Monitor and Test Networks ... 47
        Requirement 10: Track and monitor all access to network resources and cardholder data ... 47
        Requirement 11: Regularly test security systems and processes ... 50
    Maintain an Information Security Policy ... 53
        Requirement 12: Maintain a policy that addresses information security for employees and contractors ... 53
Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers ... 60
    Requirement A.1: Shared hosting providers must protect the cardholder data environment