The Payment Card Industry Data Security Standard (PCI DSS) challenges businesses to safeguard credit cardholder information through strict protection measures. The current standard includes 12 requirements for security management, policies, procedures, and other protective measures.
The PCI DSS is a security standard meant to protect credit and debit card transactions at merchants around the world, and is relevant to any entity that stores, processes, or transmits cardholder data. It applies to service providers in all payment channels and is enforced by the five major credit card brands.
See how Rapid7 acts as your trusted partner with solutions to help secure cloud services, manage vulnerabilities, and stay aligned with the current PCI standard.
Requirement 1: Maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and configurations
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data over open networks
Requirement 5: Protect systems against malware and regularly update antivirus programs
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data
Requirement 8: Identify and authenticate access to cardholder data
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain an information security policy for all personnel