PCI DSS: Required Security Practices

Payment Card Industry Compliance
PCI DSS: Required Security Practices
Payment Card Industry Data Security Standards (PCI DSS) requirements include twelve
(12) security controls that all businesses, including RIT, are required to implement to protect
payment card data and comply with PCI DSS. Refer to the table below. These requirements
were developed and are maintained by the Payment Card Industry (PCI) Security Standards Council
For more information about compliance with PCI DSS at RIT, go here: https://www.rit.edu/fa/controller/pci-dss-introduction-payment-card-industry-data-security-standards.



                  PCI DSS Requirements             

Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system password security parameters
Protect Cardholder Data 
  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program 
  1. Protect all systems against malware and regularly update antivirus software programs 
  2. Develop and maintain secure systems applications
Implement Strong Access Control Measures 
  1. Restrict access to cardholder data by business need to know
  2. Identify and authenticate access to system components
  3. Restrict physical access to cardholder data
Regularly Monitor and Test Networks 
  1. Track and monitor all access to network resources and cardholder data 
  2. Regularly test security systems and processes
Maintain an Information Security policy 
  1. Maintain a policy that addresses information security for all personnel