The 6 Main Categories of PCI DSS 3.0
| Category | Requirements |
|---|---|
| Build and maintain a secure network and systems | 1. Install and maintain a firewall configuration to protect cardholder data. |
| Protect cardholder data | 3. Protect stored cardholder data. |
| Maintain a vulnerability management program | 5. Protect all systems against malware and regularly update anti-virus software or programs.<br>6. Develop and maintain secure systems and applications. |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need to know.<br>8. Identify and authenticate access to system components.<br>9. Restrict physical access to cardholder data. |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data. |
| Maintain an information security policy | 12. Maintain a policy that addresses information security for all personnel. |
This is a high-level overview to get you thinking about where you stand with regard to PCI compliance and to help you identify any costly security gaps.