Wireless Access Point
593
Appendix F: Auditing PCI DSS
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed
by major credit card companies to help those that process credit card transactions
(or cardholder information) in order to secure cardholder information and protect
it from unauthorized access, fraud and other security issues. The major
contributors to the standard are VISA, MasterCard, American Express, JCB, and
Discover. The standard also helps consolidate various individual standards that
were developed by each of the listed card companies. Merchants or others who
process credit card transactions are required to comply with the standard and to
prove their compliance by way of an audit from a Qualified Security Assessor.
PCI DSS lays out a set of requirements that must be met in order to provide
adequate security for sensitive data.
Payment Card Industry Data Security Standard Overview
The PCI Data Security Standard (PCI DSS) has 12 main requirements that are
grouped into six control objectives. The following table lists each control objective
and the specific requirements for each objective. For the latest updates to this list,
check the PCI Security Standards Web site: www.pcisecuritystandards.org.
PCI DSS Control Objectives and Associated Requirements
Objective: Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect
cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords
and other security parameters.
Objective: Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open,
public networks.
To Next Page
Loading...
Need help?
General
