Overview of PCI Requirements
PCI REQUIREMENT 1: PROTECT YOUR SYSTEM WITH FIREWALLS
Install a hardware and software firewall
Configure firewall rules for your environment and review them regularly
Deny all traffic by default and permit only what the business requires
PCI REQUIREMENT 2: USE ADEQUATE CONFIGURATION STANDARDS
Avoid using default passwords
Harden your systems
Implement system configuration management
PCI REQUIREMENT 3: PROTECT STORED DATA
Encrypt stored card data
Find where card data is held
Craft your card flow diagram
PCI REQUIREMENT 4: SECURE DATA OVER OPEN AND PUBLIC NETWORKS
Know where data is transmitted and received
Encrypt all transmitted cardholder data
Stop using SSL (all versions) and early TLS (TLS 1.0); migrate to TLS 1.2 or later
PCI REQUIREMENT 5: PROTECT SYSTEMS WITH ANTI-VIRUS
Create a vulnerability management plan
Regularly update anti-virus
Maintain an up-to-date anti-malware program
PCI REQUIREMENT 6: UPDATE YOUR SYSTEMS
Consistently update your systems
Patch all critical systems and software
Establish software development processes
PCI REQUIREMENT 7: RESTRICT ACCESS
Restrict access to cardholder data
Document who has access to the card data environment
Establish an access control system
PCI REQUIREMENT 8: USE UNIQUE ID CREDENTIALS
Use unique ID credentials for every employee
Change credentials regularly and revoke them immediately when staff leave
Configure multi-factor authentication
PCI REQUIREMENT 9: ENSURE PHYSICAL SECURITY
Control physical access at your workplace
Keep track of POS terminals
Train your employees often
PCI REQUIREMENT 10: IMPLEMENT LOGGING AND LOG MONITORING
Implement logging and alerting
Establish log management
Define alerting rules and review logs at least daily
PCI REQUIREMENT 11: CONDUCT VULNERABILITY SCANS AND PENETRATION TESTING
Know your environment
Run internal and external vulnerability scans at least quarterly and after significant changes
Conduct internal and external penetration tests at least annually and after significant changes
PCI REQUIREMENT 12: START DOCUMENTATION AND RISK ASSESSMENTS
Document everything
Implement a risk assessment process
Create an incident response plan