Workflow Templates: Payment Card Industry Data Security Standard (PCI DSS) Compliance Checklist

Install and maintain a firewall configuration to protect cardholder data

Do not use vendor-supplied defaults for system passwords and other security parameters

Develop configuration standards for all system components

Protect stored cardholder data with encryption, truncation, masking, and hashing

Encrypt transmission of cardholder data across open, public networks

Maintain a policy that addresses information security for all personnel

Use and regularly update anti-virus software or programs

Develop and maintain secure systems and applications

Ensure that all system components and software are protected from known vulnerabilities

Limit access to cardholder data by business need-to-know

Assign a unique ID to each person with computer access

Restrict physical access to cardholder data

Track and monitor all access to network resources and cardholder data

Regularly test security systems and processes

Implement automated audit trails for all system components

Establish, publish, maintain, and disseminate a security policy

Develop daily operational security procedures that are consistent with the policy

Ensure that the security policy and procedures clearly define information security responsibilities for all personnel

Payment Card Industry Data Security Standard (PCI DSS) Compliance Checklist