Summary of PCI DSS Requirements

Build and Maintain a Secure Network

• Requirement 1:

  Install and maintain a firewall configuration to protect cardholder data

• Requirement 2:

  Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

• Requirement 3:

  Protect stored cardholder data

• Requirement 4:

  Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

• Requirement 5:

  Use and regularly update anti-virus software

• Requirement 6:

  Develop and maintain secure systems and applications

Implement Strong Access Control Measures

• Requirement 7:

  Restrict access to cardholder data by business need-to-know

• Requirement 8:

  Assign a unique ID to each person with computer access

• Requirement 9:

  Restrict physical access to cardholder data

Regularly Monitor and Test Networks

• Requirement 10:

  Track and monitor all access to network resources and cardholder data

• Requirement 11:

  Regularly test security systems and processes

Maintain an Information Security Policy

• Requirement 12:

  Maintain a policy that addresses information security