Learning Topic
PCI Standards DSS 12 Requirements
The Payment Card Industry (PCI) Security Standards Council (SSC) has
developed standards to protect the credit card payment data of
cardholders. Any businesses that store, process, or transmit this data are
governed by these security standards, and all technical and operational
system components must comply with the rules set by the standards.
There are 12 core requirements associated with this compliance. The
table below provides the PCI DSS requirements and the control
objectives achieved by those requirements.
| Control Objectives | PCI DSS Requirements |
|---|---|
| Build and maintain a secure network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Maintain an information security policy | 12. Maintain a policy that addresses information security |
| Protect cardholder data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a vulnerability management program | 5. Use and regularly update antivirus software on all systems commonly affected by malware |
| | 6. Develop and maintain secure systems and applications |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |

PCI Standards DSS 12 Requirements https://leocontent.umgc.edu/content/scor/uncurated/cst/2215-cst630/lear…
1 of 4 10/22/2021, 4:38 PM
The six objectives of PCI DSS map directly to the 12 PCI DSS
requirements, as shown in the table. Details specific to each requirement
are outlined in the PCI DSS Quick Reference Guide at
https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf
Compliance with these standards helps to ensure that payment
systems are safe from cyberattacks and that transactions conducted by
those systems are secure (Ryan Technical Services, n.d.).
References
Ryan Technical Services (n.d.). PCI DSS compliance. http://ryantech.com/pci-dss-compliance
Required
• PCI DSS and Data Protection: It Is Everyone’s Responsibility
(/content/scor/uncurated/cst/2215-cst630/learning-resource-list/pci-dss-and-data-protection--it-is-everyone-s-responsibility.html?ou=610183)
Licenses and Attributions
Payment Card Industry Data Security Standard
(https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard)
from Wikipedia is available under a Creative Commons Attribution-ShareAlike 3.0
Unported (https://creativecommons.org/licenses/by-sa/3.0/deed.en) license.
UMGC has modified this work and it is available under the original license.
© 2021 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the
validity or integrity of information located at external sites.