The 12 Pillars of PCI Compliance

While you may be familiar with the term PCI DSS, you may not be as familiar with the twelve comprehensive requirements that make up the security standard. These requirements are meant to provide the necessary guidance for organizations to properly secure and monitor their network, while protecting cardholder data:

  1. Deploy and maintain a firewall
  2. Change all default passwords
  3. Protect stored cardholder data
  4. Encrypt in-motion cardholder data on public networks
  5. Protect systems against malware
  6. Secure systems and applications
  7. Restrict access to cardholder data
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Monitor access to network and cardholder data
  11. Test systems and processes regularly
  12. Maintain information security policy

Now, we can hear your brain shutting off as you consider where the heck to start. But don’t worry, we’re here to help. The path to success is rarely a straight one, but if you keep these 3 recommendations in mind you’ll be heading in the right direction.

  • It’s not a “one and done.” Performing a single annual assessment isn’t going to cut it. It leads to a false sense of security, and you’ll wish you had invested the time to avoid trouble later on – bad trouble like a breach or theft of customer data. You’ll need to think of PCI compliance as a continuous loop in which you are always assessing, remediating based on what you discover during assessment, and reporting your findings to the appropriate groups.
  • Invest in technology that will assist you, not hinder you. The temptation to go with the latest shiny new tool is hard to resist, but make sure that whatever you invest in provides visibility and a feedback mechanism, and enables you to quickly remediate any issues as they arise.
  • Standardize your procedures. This can be a challenge to do for organizations of any size, but by coordinating your efforts across various internal functions, you’ll save yourself a lot of time and hassle later on. Use the twelve pillars as your guide on where to start.

For more information on how Soliton can help, download our latest PCI DSS report.