PCI DSS Requirements

PCI DSS Requirement 12 Explained

A strong security policy establishes compliance expectations for the whole organization and tells staff what they are supposed to do. All employees should be informed of data protection and their security duties.

PCI DSS Requirement 11 Explained

Vulnerabilities are constantly found by malicious individuals and researchers, and are introduced by new software. System components, processes, and custom applications should be periodically reviewed to ensure that security controls continue to reflect an evolving environment.

PCI DSS Requirement 10 Explained

Logging and the monitoring of user behavior are important for preventing, identifying, or mitigating the effect of a data compromise. The availability of logs in all environments makes it possible to monitor, warn, and evaluate thoroughly when something goes wrong.

PCI DSS Requirement 9 Explained

Any physical access to data or systems that house cardholder data gives individuals the ability to access devices or data and to remove systems or hardcopies, so it should be limited appropriately.

PCI DSS Requirement 8 Explained

Assigning a unique identity (ID) to each person with access ensures that each individual is specifically accountable for their actions. When such accountability is in place, actions on critical data and systems are carried out by established and approved users and procedures and can be tracked accordingly.

PCI DSS Requirement 7 Explained

To ensure that critical data can only be accessed by authorized personnel, it is important to have systems and processes in place to limit access based on the need to know and on job responsibilities.

PCI DSS Requirement 6 Explained

Unscrupulous people exploit bugs to gain privileged access to programs. Many of these bugs are fixed by the manufacturer's security patches, which must be installed by the organizations that run the devices.

PCI DSS Requirement 5 Explained

Malicious software, commonly referred to as "malware" and including worms, viruses, and trojans, enters the network during a number of business-approved activities, including employee email and Internet usage, mobile phones, and storage devices, resulting in the exploitation of system vulnerabilities.
