PCI Requirements

Build and Maintain a Secure Network

• 1.Install and maintain a firewall configuration to protect data
• 2.Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

• 3.Protect stored data (use encryption)
• 4.Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

• 5.Use and regularly update anti-virus software
• 6.Develop and maintain secure systems and applications

Implement Strong Access Control Measures

• 7.Restrict access to data by business need-to-know
• 8.Assign a unique ID to each person with computer access
• 9.Restrict physical access to cardholder data

Regularly Monitor and Test Networks

• 10.Track and monitor all access to network resources and cardholder data
• 11.Regularly test security systems and processes

Maintain an Information Security Policy