PCI-DSS applies to organisations that take credit card payments. Information on it can be found in the following links:



  • When doing a PCI assessment, make sure to organize your notes by requirement and to keep track of the follow-up items needed to finish the assessment.

Summary of controls

CDE = cardholder data environment

  1. Firewall configuration and controls
  2. Vendor defaults (i.e., passwords, logins, insecure settings)
  3. Protection of cardholder data
  4. Encryption of cardholder data passing across public/open networks
  5. Antivirus and malware protection
  6. Secure development
  7. Restricting access to cardholder data by business need to know
  8. Identification and authentication to systems
  9. Restricting physical access to the CDE
  10. Logging/monitoring of access to the CDE
  11. Regular testing of systems/processes
  12. Information security policy for all individuals with access to the CDE
