PCI Requirement Quick Reference Guide

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Protect all systems against malware and regularly update anti-virus software or programs.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need to know.
  • Identify and authenticate access to system components.
  • Restrict physical access to cardholder data.
  • Regularly test security systems and process.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security for all personnel.