PCI DSS Basics - The Twelve Steps


The basics of the new PCI DSS version, outlining the twelve steps to achieve PCI compliance. 6 domains, 12 requirements, ~200 sub-requirements, 12 steps.


Page 1: PCI DSS Basics - The Twelve Steps

6 Domains!

12 Requirements!

~200 Sub-requirements!


Build and maintain a secure network

•  Requirement 1: Install and maintain a firewall configuration to protect cardholder data
   – rules for firewalls, routers, and DMZ

•  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
   – inventory your devices, including your wireless ones; then harden them


Protect cardholder data

•  Requirement 3: Protect stored cardholder data
   – data retention: don’t keep it if you don’t need it
   – mask, encrypt, tokenize

•  Requirement 4: Encrypt transmission of cardholder data across open, public networks
   – and wireless and messaging


Maintain a vulnerability management program

•  Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
   – system components including all operating system types commonly affected by malicious software

•  Requirement 6: Develop and maintain secure systems and applications
   – development life cycle rules, secure coding, change control, patching


Implement strong access control measures

•  Requirement 7: Restrict access to cardholder data by business need-to-know
   – change control on who can do what

•  Requirement 8: Identify and authenticate access to system components
   – are you who you say you are?

•  Requirement 9: Restrict physical access to cardholder data
   – are you allowed in here? physical media


Regularly monitor and test networks

•  Requirement 10: Track and monitor all access to network resources and cardholder data
   – collect and analyze logs; respond to events

•  Requirement 11: Regularly test security systems and processes
   – wireless? vulnerability scans, penetration tests, intrusion detection and prevention


Maintain an information security policy

•  Requirement 12: Maintain a policy that addresses information security for all personnel
   – security policy, risk assessment process, usage policy, who’s doing what and who’s in charge, security awareness training, background checks, manage service providers, incident response plan and team including disaster recovery and business continuity


Hoyt L. Kesterson II, Senior Security Architect, [email protected], 602 316 1985, Scottsdale, Arizona