PCI controls for your dedicated environment
The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers' data, not just credit card data. Implementing PCI-DSS controls can help your customers spend confidently.
CBIT can provide you with infrastructure and services to assist you in addressing each of the 12 requirements of the PCI Data Security Standard for compliance:
| Control Objectives | PCI DSS Requirements | CBIT can help you with |
|---|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data | Managed Firewall |
| Build and Maintain a Secure Network | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Vulnerability Assessment Services |
| Protect Cardholder Data | 3. Protect stored cardholder data | Not applicable - you must implement this requirement |
| Protect Cardholder Data | 4. Encrypt transmission of cardholder data across open, public networks | SSL Certificates |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware | Managed End Point Protection Suite |
| Maintain a Vulnerability Management Program | 6. Develop and maintain secure systems and applications | Web Application Firewall |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know | Managed Active Directory |
| Implement Strong Access Control Measures | 8. Assign a unique ID to each person with computer access | Two-Factor Authentication |
| Implement Strong Access Control Measures | 9. Restrict physical access to cardholder data | Data Center Security |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | Log Management |
| Regularly Monitor and Test Networks | 11. Regularly test security systems and processes | Threat Management |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security | Not applicable - you must implement this requirement |