Security Standards
In 2004, the AIS Program incorporated the Payment Card Industry Data Security Standard (PCI DSS) resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements.
Effective September 7, 2006 the PCI Security Standard Council (SSC) owns, maintains and distributes the PCI DSS and all its supporting documents. The council was founded by the top 5 payment card companies. Visa Inc. , however , continues to manage all data security compliance enforcement and validation initiatives.
The standards consist of 12 basic requirements grouped into 6 categories:
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
For additional information in regards to PCI Data Security Standards and other PCI documents, visit: www.PCISecurityStandards.org .