Summary of PCI DSS Requirements

Build and Maintain a Secure Network

  • Requirement 1:

    Install and maintain a firewall configuration to protect cardholder data

  • Requirement 2:

    Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3:

    Protect stored cardholder data

  • Requirement 4:

    Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5:

    Use and regularly update anti-virus software

  • Requirement 6:

    Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7:

    Restrict access to cardholder data by business need-to-know

  • Requirement 8:

    Assign a unique ID to each person with computer access

  • Requirement 9:

    Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10:

    Track and monitor all access to network resources and cardholder data

  • Requirement 11:

    Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12:

    Maintain a policy that addresses information security