Thursday, November 2, 2017

Word of the Day: PCI DSS compliance

Word of the Day WhatIs.com
Daily updates on the latest technology terms |November 2, 2017
PCI DSS compliance

Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. Compliance is required by all of the major card brands of any organization that stores, processes or transmits cardholder data.

The Payment Card Industry Security Standards Council (PCI SSC) develops and manages the PCI standards and associated education and awareness efforts. The PCI SSC is an open global forum, with the five founding credit card companies -- American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. -- responsible for carrying out the organization's work.

Twelve PCI DSS requirements for compliance

There are 12 main requirements, grouped under six overarching goals, for PCI DSS compliance. According to the PCI SSC, an organization that handles cardholder data (a merchant or service provider) must meet the following requirements as part of its PCI compliance checklist:

Goal 1: Build and maintain a secure network.

1. Install and maintain a firewall configuration to protect cardholder data (CHD).
2. Not use vendor-supplied defaults for system passwords and other security parameters.

Goal 2: Protect cardholder data.

3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Goal 3: Maintain a vulnerability management program.

5. Protect all systems against malware and regularly update antivirus software.
6. Develop and maintain secure systems and applications.

Goal 4: Implement strong access control measures.

7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

Goal 5: Regularly monitor and test networks.

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Goal 6: Maintain an information security policy.

12. Maintain a policy that addresses information security.


Quote of the Day

"Overall responsibility for the PCI DSS compliance program may be assigned to individual roles and/or to business units within the organization, but the executive visibility is critical for service providers where protecting cardholder data is central to their business." - Troy Leach

 

Trending Terms

PCI DSS
PCI Security Standards Council
cardholder data
personally identifiable information
cardholder data environment
PCI DSS 3.0

 
Learning Center

Enterprise compliance with PCI DSS is up, says Verizon
Compliance with PCI DSS is increasing, according to a Verizon report, but it's not all good news. Plus, medical device firmware updates are out, and more.

PCI DSS 3.2 focuses on encryption and multifactor authentication
PCI DSS 3.2 includes requirements to strengthen encryption and multifactor authentication.

PCI DSS 3.2 marks the end of major updates to the standard
The PCI council said starting with PCI DSS 3.2, the standard won't be seeing significant updates, but more incremental modifications.

Can video surveillance improve PCI DSS 3.0 compliance?
Expert Mike Chapple looks at PCI DSS 3.0 compliance and examines if video surveillance can improve physical security around point-of-sale systems.

How can vulnerability scanning tools help with PCI DSS compliance?
Vulnerability scanning tools are mandatory for full PCI compliance, but make sure your organization gets them from a PCI DSS Approved Scanning Vendor.

Writing for Business

As change is constant, you should have a process for ______ improvement of your controls and compliance efforts.
a. continual
b. continuous
Answer

 

Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

 

Visit the Word of the Day Archives and catch up on what you've missed!

 

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.
