PCI-DSS v2.0

The 12 PCI DSS Requirements

Below are the 12 requirements for PCI DSS Compliance:

PCI DSS Requirement 1:
Install and maintain a firewall configuration to protect cardholder data

PCI DSS Requirement 2:
Do not use vendor-supplied defaults for system passwords and other security parameters

PCI DSS Requirement 3:
Protect stored cardholder data

PCI DSS Requirement 4:
Encrypt transmission of cardholder data across open, public networks

PCI DSS Requirement 5:
Use and regularly update anti-virus software

PCI DSS Requirement 6:
Develop and maintain secure systems and applications

PCI DSS Requirement 7:
Restrict access to cardholder data by business need-to-know

PCI DSS Requirement 8:
Assign a unique ID to each person with computer access

PCI DSS Requirement 9:
Restrict physical access to cardholder data

PCI DSS Requirement 10:
Track and monitor all access to network resources and cardholder data

PCI DSS Requirement 11:
Regularly test security systems and processes

PCI DSS Requirement 12:
Maintain a policy that addresses information security


PCI DSS Control Objectives

The 12 requirements are grouped under six control objectives, which the standard uses to organise compliance and validation:

1. Build and Maintain a Secure Network (Requirements 1 and 2)

2. Protect Cardholder Data (Requirements 3 and 4)

3. Maintain a Vulnerability Management Program (Requirements 5 and 6)

4. Implement Strong Access Control Measures (Requirements 7, 8 and 9)

5. Regularly Monitor and Test Networks (Requirements 10 and 11)

6. Maintain an Information Security Policy (Requirement 12)