This document provides an overview of payment card industry (PCI) data security standard (DSS) controls. PCI security standards are technical and operational requirements set by the PCI Security Standards Council (SSC) to protect cardholder data. "The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data." The following 12 control areas are covered:
- Firewalls
- Configuring passwords and settings
- Protecting stored cardholder data
- Encrypting the transmission of cardholder data across open, public networks
- Anti-virus software
- Updating and patching systems
- Restricting access to cardholder data by business need-to-know
- Assigning unique IDs to each person with computer access
- Restricting physical access to workplace and cardholder data
- Logging and log management
- Vulnerability scans and penetration tests
- Documentation and risk assessments
About this Resource
Alternate Title
Payment Card Industry Data Security Standard Controls
Publisher
Resource Type
Format
Education Level
Language
Subject
GEM Subject
Subject
Relation
ATE Contributor
Associated Files
Archived
Rights
Access Rights
Comments