Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation

9. White-Collar Crime Penalty Enhancements

10. Corporate Tax Returns

11. Corporate Fraud Accountability

Source: SarbanesOxleyCompliance.com

Payment Card Industry Data Security Standard (PCI DSS)

What it covers: The PCI DSS is a set of requirements for enhancing the security of customer payment account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

The Council has also issued requirements called the Payment Application Data Security Standard (PA DSS) and PCI PIN Transaction Security (PCI PTS).

Who is affected: Retailers, credit card companies, anyone handling credit card data.

Link to the PCI DSS requirements:

The current version is PCI DSS v2.0, issued 10/28/2010. https://www.pcisecuritystandards.org/security_standards/documents.php

You will also find full text of the latest PA DSS and PCI PTS requirements on that page.

Support documents (including a summary of the significant differences between PCI DSS v1.2 and PCI DSS v2.0): https://www.pcisecuritystandards.org/security_standards/pci_dss_supporti...

Key requirements/provisions: Currently, PCI DSS specifies 12 requirements, organized in six basic objectives:

Objective 1: Build and Maintain a Secure Retail Point of Sale System

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Objective 2: Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks


Originally published on CSO.