Workflow Templates: PCI DSS Compliance Checklist

Install and maintain a firewall configuration to protect cardholder data

Do not use vendor-supplied defaults for system passwords and other security parameters

Protect stored cardholder data

Encrypt transmission of cardholder data across open, public networks

Develop and maintain secure systems and applications

Restrict access to cardholder data by business need to know

Identify and authenticate access to system components

Restrict physical access to cardholder data

Ensure proper user identification and authentication management

Assign a unique ID to each person with computer access

Track and monitor all access to network resources and cardholder data

Regularly test security systems and processes

Implement logging mechanisms for auditing purposes

Perform vulnerability scans and penetration tests

Review logs and security events for all system components to identify anomalies or suspicious activity

Establish and maintain a security policy that addresses information security for employees and contractors

Implement a risk assessment process and conduct regular risk assessments

Ensure that security policies and operational procedures are documented, in use, and known to all affected parties

Implement a formal security awareness program to make all personnel aware of the importance of cardholder data security

Monitor and enforce adherence to the security policy and procedures

PCI DSS Compliance Checklist