PCI DSS Requirements and Security Assessment Procedures, Version 2.0 October 2010
Copyright 2010 PCI Security Standards Council LLC Page 3
Table of Contents
Document Changes ........................................................................................................................................................................... 2
Introduction and PCI Data Security Standard Overview ................................................................................................................. 5
PCI DSS Applicability Information .................................................................................................................................................... 7
Relationship between PCI DSS and PA-DSS .................................................................................................................................... 9
Scope of Assessment for Compliance with PCI DSS Requirements ............................................................................................ 10
Network Segmentation .................................................................................................................................................................. 10
Wireless ........................................................................................................................................................................................ 11
Third Parties/Outsourcing .............................................................................................................................................................. 11
Sampling of Business Facilities/System Components.................................................................................................................... 12
Compensating Controls ................................................................................................................................................................. 13
Instructions and Content for Report on Compliance .................................................................................................................... 14
Report Content and Format ........................................................................................................................................................... 14
Revalidation of Open Items ........................................................................................................................................................... 17
PCI DSS Compliance – Completion Steps .................................................................................................................................... 18
Detailed PCI DSS Requirements and Security Assessment Procedures ..................................................................................... 19
Build and Maintain a Secure Network .......................................................................................................................................... 20
Requirement 1: Install and maintain a firewall configuration to protect cardholder data ............................................................ 20
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters ............................. 24
Protect Cardholder Data ................................................................................................................................................................ 28
Requirement 3: Protect stored cardholder data ......................................................................................................................... 28
Requirement 4: Encrypt transmission of cardholder data across open, public networks ........................................................... 35
Maintain a Vulnerability Management Program ........................................................................................................................... 37
Requirement 5: Use and regularly update anti-virus software or programs ............................................................................... 37
Requirement 6: Develop and maintain secure systems and applications .................................................................................. 38
Implement Strong Access Control Measures .............................................................................................................................. 44
Requirement 7: Restrict access to cardholder data by business need to know ......................................................................... 44
Requirement 8: Assign a unique ID to each person with computer access ............................................................................... 46
Requirement 9: Restrict physical access to cardholder data ..................................................................................................... 51
Regularly Monitor and Test Networks .......................................................................................................................................... 55
Requirement 10: Track and monitor all access to network resources and cardholder data ....................................................... 55
评论0