PCI DSS Compliance Checklist
Here are the 12 primary requirements of the PCI DSS:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
Security Manager Plus supports the following requirements of the PCI DSS:

| PCI DSS requirement | Support status |
| --- | --- |
| Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters | |
| 2.1 Always change vendor-supplied defaults before installing a system on the network | Yes |
| 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities | |
| 2.2.1 Implement only one primary function per server | Yes |
| 2.2.2 Disable all unnecessary and insecure services and protocols | Yes |
| 2.2.3 Configure system security parameters to prevent misuse | Yes |
| 2.3 Encrypt all non-console administrative access | Yes |
| Requirement 4: Encrypt transmission of cardholder data across open, public networks | |
| 4.1 Use strong cryptography and security protocols | Yes |
| Requirement 5: Use and regularly update anti-virus software or programs | |
| 5.1 Deploy anti-virus software on all systems commonly affected by viruses | |
| 5.1.1 Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software | Yes |
| 5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs | Yes |
| Requirement 6: Develop and maintain secure systems and applications | |
| 6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed | Yes |
| 6.2 Establish a process to identify newly discovered security vulnerabilities | Yes |
| 6.5 Develop all web applications based on secure coding guidelines | Yes |
| Requirement 11: Regularly test security systems and processes | |
| 11.2 Run internal and external network vulnerability scans at least quarterly | Yes |
| 11.5 Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files; and configure the software to perform critical file comparisons at least weekly | Yes |
| Requirement 12: Maintain a policy that addresses information security for employees and contractors | |
| 12.2 Develop daily operational security procedures that are consistent with requirements in this specification | Yes |