Previously we briefly described why PCI DSS needs to be implemented and why some organisations are required to comply with it.
Now let’s work out where best to start. Implementing anything properly requires instructions or official documentation from the vendor, so we are going to use the PCI DSS Quick Reference Guide.
With the help of this document you can easily obtain all the information you need about the PCI DSS requirements and prepare for an audit. It will also help you create the security controls and processes that make your infrastructure fully compliant.
The document covers the following points:
Overview of PCI Requirements:
- The PCI Data Security Standard
- PIN Transaction Security Requirements
- Payment Application Data Security Standard
Security Controls and Processes for PCI DSS Requirements:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
- Compensating Controls for PCI DSS Requirements
How to Comply with PCI DSS:
- Choosing a Qualified Security Assessor
- Choosing an Approved Scanning Vendor
- Scope of Assessment for Compliance
- Using the Self-Assessment Questionnaire (SAQ)