9. White-Collar Crime Penalty Enhancements
10. Corporate Tax Returns
11. Corporate Fraud Accountability
Source: SarbanesOxleyCompliance.com
Payment Card Industry Data Security Standard (PCI DSS)
What it covers: The PCI DSS is a set of requirements for enhancing security of payment customer account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
More about PCI DSS
* PCI's post-audit pain points
* The art of the compensating control
* The essential retail security reader
The Council has also issued requirements called the Payment Application Data Security Standard (PA DSS) and PCI Pin Transaction Security (PCI PTS).
Who is affected: Retailers, credit card companies, anyone handling credit card data.
Link to the PCI DSS requirements:
The current version is PCI DSS v2.0, issued 10/28/2010. https://www.pcisecuritystandards.org/security_standards/documents.php
You will also find full text of the latest PA DSS and PCI PTS requirements on that page.
Support documents (including a summary of the significant differences between PCI DSS v1.2 and PCI DSS v2.0): https://www.pcisecuritystandards.org/security_standards/pci_dss_supporti...
Key requirements/provisions: Currently, PCI DSS specifies 12 requirements, organized in six basic objectives:
Objective 1: Build and Maintain a Secure Retail Point of Sale System
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Objective 2: Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
