Managed WAF Start at $99

PCI 3.0 – Going beyond compliance

Posted DateJanuary 22, 2014
Posted Time < 1   min Read

The PCI Security Standards Council (PCI SSC) has recently published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) for debit and credit card security. As a result, organizations now need to move to address comprehensive security practices built on shared responsibility than just compliance.

The PCI-DSS 3.0 Overview

Build and Maintain a Secure Network
  • Install & maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open public networks
Maintain a Vulnerability Management Program
  • Protect all systems against malware and regularly update anti-virus software  or programs
  • Develop and maintain secure systems and applications
Implement StrongAccess ControlMeasures
  • Restrict access to cardholder data by business need-to-know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain an Information Security Policy
  • Maintain a policy that addresses information security for all personnel

Applicability of PCI DSS 3.0: 1st January 2014
2.0 to 3.0 transition time limit: 31st December 2014


web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.