Payment Card Industry Data Security Standard (PCI DSS) Compliance Checklist
Build and Maintain a Secure Network
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Develop configuration standards for all system components
Protect Cardholder Data
Protect stored cardholder data with encryption, truncation, masking, and hashing
Encrypt transmission of cardholder data across open, public networks
Maintain a policy that addresses information security for all personnel
Maintain a Vulnerability Management Program
Use and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Ensure that all system components and software are protected from known vulnerabilities
Implement Strong Access Control Measures
Limit access to cardholder data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Implement automated audit trails for all system components
Maintain an Information Security Policy
Establish, publish, maintain, and disseminate a security policy
Develop daily operational security procedures that are consistent with the policy
Ensure that the security policy and procedures clearly define information security responsibilities for all personnel