ABSTRACT

Virtually every organization that sells something accepts credit cards for payments or donations. Without the ability to process those cards, a company is crippled and cannot operate profitably. As a result, organizations are routinely entrusted with thousands of credit card numbers, as well as the customer data associated with

Contents

PCI Compliance
    Goal of PCI DSS
    Who Must Adhere to PCI Compliance?
    Who Is Authorized to Perform PCI Security Scans?

The Five Levels of PCI Compliance
    Level 1 Compliance
    Level 2 Compliance
    Level 3 Compliance
    Level 4 Compliance
    Level 5 Compliance

PCI DSS Overview
    Category 1: Protect and Maintain a Secure Network
    Category 2: Protect Cardholder Data
    Category 3: Maintain a Vulnerability Management Program
    Category 4: Implement Strong Access Control Measures
    Category 5: Regularly Monitor and Test Networks
    Category 6: Maintain an Information Security Policy

A Good Place to Start