PCI DSS Compliance Checklist
Build and Maintain a Secure Network and Systems
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Restrict access to cardholder data by business need to know
Identify and authenticate access to system components
Restrict physical access to cardholder data
Ensure proper user identification and authentication management
Assign a unique ID to each person with computer access
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Implement logging mechanisms for auditing purposes
Perform vulnerability scans and penetration tests
Review logs and security events for all system components to identify anomalies or suspicious activity
Maintain an Information Security Policy
Establish and maintain a security policy that addresses information security for employees and contractors
Implement a risk assessment process and conduct regular risk assessments
Ensure that security policies and operational procedures are documented, in use, and known to all affected parties
Implement a formal security awareness program to make all personnel aware of the importance of cardholder data security
Monitor and enforce adherence to the security policy and procedures