PCI DSS Basics - The Twelve Steps
• 6 Domains
• 12 Requirements
• ~200 Sub-requirements
Build and maintain a secure network
• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
– rules for firewalls, routers, and DMZ
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
– inventory your devices, including your wireless ones; then harden them
Protect cardholder data
• Requirement 3: Protect stored cardholder data
– data retention: don’t keep it if you don’t need it
– mask, encrypt, tokenize
• Requirement 4: Encrypt transmission of cardholder data across open, public networks
– including wireless and messaging
Maintain a vulnerability management program
• Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
– system components including all operating system types commonly affected by malicious software
• Requirement 6: Develop and maintain secure systems and applications
– development life cycle rules, secure coding, change control, patching
Implement strong access control measures
• Requirement 7: Restrict access to cardholder data by business need-to-know
– change control on who can do what
• Requirement 8: Identify and authenticate access to system components
– are you who you say you are?
• Requirement 9: Restrict physical access to cardholder data
– are you allowed in here? physical media
Regularly monitor and test networks
• Requirement 10: Track and monitor all access to network resources and cardholder data
– collect and analyze logs; respond to events
• Requirement 11: Regularly test security systems and processes
– wireless? vulnerability scans, penetration tests, intrusion detection and prevention
Maintain an information security policy
• Requirement 12: Maintain a policy that addresses information security for all personnel
– security policy, risk assessment process, usage policy, who’s doing what and who’s in charge, security awareness training, background checks, manage service providers, incident response plan and team including disaster recovery and business continuity
Hoyt L. Kesterson II, Senior Security Architect, [email protected], 602 316 1985, Scottsdale, Arizona