PCI 3.0 - Going beyond compliance

The PCI Security Standards Council (PCI SSC) has recently published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) for debit and credit card security. As a result, organizations now need to move to address comprehensive security practices built on shared responsibility than just compliance.

The PCI-DSS 3.0 Overview

Build and Maintain a Secure Network	Install & maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data	Protect stored cardholder data Encrypt transmission of cardholder data across open public networks
Maintain a Vulnerability Management Program	Protect all systems against malware and regularly update anti-virus software or programs Develop and maintain secure systems and applications
Implement StrongAccess ControlMeasures	Restrict access to cardholder data by business need-to-know Identify and authenticate access to system components Restrict physical access to cardholder data
Regularly Monitor and Test Networks	Track and monitor all access to network resources and cardholder data Regularly test security systems and processes
Maintain an Information Security Policy	Maintain a policy that addresses information security for all personnel

Applicability of PCI DSS 3.0: 1st January 2014
2.0 to 3.0 transition time limit: 31st December 2014

Spread the love

PCI 3.0 – Going beyond compliance

Join 47000+ Security Leaders

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days