The 12 Requirements of PCI DSS Compliance Checklist
Build and Maintain Secure Networks and Systems
- Protect systems with firewalls to restrict incoming and outgoing network traffic.
- Configure secure passwords and settings; never use vendor-supplied defaults.
Protect Stored Cardholder Data
- Protect stored cardholder data and prevent breaches by encrypting it.
- Encrypt transmission of cardholder data across open, public networks (AES-256).
Classify, Remediate, and Mitigate Vulnerabilities
- Protect all systems against malware and regularly update anti-virus software.
- Develop and maintain secure systems and applications with regular updates and patching.
Enforce Strong Access Control Measures
- Restrict access to cardholder data to personnel with a business justification, on a need-to-know basis.
- Assign each person unique credentials for access to computer resources.
- Restrict physical access to workplaces and cardholder data.
Periodically Monitor and Test Networks
- Implement log management to track and monitor all access to network resources and cardholder data.
- Conduct vulnerability scans and penetration tests to identify potential weaknesses.
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel.