While you may be familiar with the term PCI DSS, you may not be as familiar with the twelve comprehensive requirements that make up the security standard. These requirements are meant to provide the necessary guidance for organizations to properly secure and monitor their network, while protecting cardholder data:
- Deploy and maintain a firewall
- Change all default passwords
- Protect stored cardholder data
- Encrypt in-motion cardholder data on public networks
- Protect systems against malware
- Secure systems and applications
- Control restriction to cardholder data
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Monitor access to network and cardholder data
- Test systems and processes regularly
- Maintain information security policy
Now, we can hear your brain shutting off as you consider where the heck to start. But don’t worry, we’re here to help. The path to success is rarely a straight one, but if you keep these 3 recommendations in mind you’ll be heading in the right direction.
- It’s not a “one and done.” Performing a single annual assessment isn’t going to cut it. It leads to a false sense of security and you’ll wish you had invested the time to avoid trouble later on – bad trouble like a breach or theft of customer data. You’ll need to think of PCI compliance as a continuous loop process where you’re always assessing, remediation based on what you discover during assessment and reporting your findings to the appropriate groups.
- Invest in technology that will assist, not hinder you. The temptation to go with the latest shiny new tool is hard to resist, but make sure whatever you invest in, that it’s going to provide visibility, a feedback mechanism and enable you to quickly remediation any issues as they arise.
- Standardize your procedures. This can be a challenge to do for organizations of any size, but by coordinating your efforts across various internal functions, you’ll save yourself a lot of time and hassle later on. Use the twelve pillars as your guide on where to start.