
PCI Requirements Overview


PCI REQUIREMENT 1: PROTECT YOUR SYSTEM WITH FIREWALLS

  • Install a hardware and software firewall

  • Tweak firewall configuration for your system

  • Have strict firewall rules

 

PCI REQUIREMENT 2: USE ADEQUATE CONFIGURATION STANDARDS

  • Avoid using default passwords

  • Harden your systems

  • Implement system configuration management

 

PCI REQUIREMENT 3: PROTECT STORED DATA

  • Encrypt stored card data

  • Find where card data is held

  • Craft your card flow diagram

 

PCI REQUIREMENT 4: SECURE DATA OVER OPEN AND PUBLIC NETWORKS

  • Know where data is transmitted and received

  • Encrypt all transmitted cardholder data

  • Stop using SSL and early TLS


PCI REQUIREMENT 5: PROTECT SYSTEMS WITH ANTI-VIRUS

  • Create a vulnerability management plan

  • Regularly update anti-virus

  • Maintain an up-to-date anti-malware program

 

PCI REQUIREMENT 6: UPDATE YOUR SYSTEMS

  • Consistently update your systems

  • Patch all critical systems and software

  • Establish software development processes

 

PCI REQUIREMENT 7: RESTRICT ACCESS

  • Restrict access to cardholder data

  • Document who has access to the card data environment

  • Establish an access control system

 

PCI REQUIREMENT 8: USE UNIQUE ID CREDENTIALS

  • Use unique ID credentials for every employee

  • Change ID credentials

  • Configure multi-factor authentication


PCI REQUIREMENT 9: ENSURE PHYSICAL SECURITY

  • Control physical access at your workplace

  • Keep track of POS terminals

  • Train your employees often

 

PCI REQUIREMENT 10: IMPLEMENT LOGGING AND LOG MONITORING

  • Implement logging and alerting

  • Establish log management

  • Create log management system rules

 

PCI REQUIREMENT 11: CONDUCT VULNERABILITY SCANS AND PENETRATION TESTING

  • Know your environment

  • Run vulnerability scans quarterly

  • Conduct a penetration test

 

PCI REQUIREMENT 12: START DOCUMENTATION AND RISK ASSESSMENTS

  • Document everything

  • Implement a risk assessment process

  • Create an incident response plan

