PCI Audit Procedures

Payment Card Industry (PCI) Data Security Standard  
Security Audit Procedures
Version 1.1 Release: September 2006
Table of Contents

Security Audit Procedures ..... 1
Version 1.1 ..... 1
Table of Contents ..... 2
Introduction ..... 3
PCI DSS Applicability Information ..... 4
Scope of Assessment for Compliance with PCI DSS Requirements ..... 5
    Wireless ..... 6
    Outsourcing ..... 6
    Sampling ..... 6
    Compensating Controls ..... 7
Instructions and Content for Report on Compliance ..... 7
Revalidation of Open Items ..... 9
Build and Maintain a Secure Network ..... 9
    Requirement 1: Install and maintain a firewall configuration to protect cardholder data ..... 9
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters ..... 13
Protect Cardholder Data ..... 16
    Requirement 3: Protect stored cardholder data ..... 16
    Requirement 4: Encrypt transmission of cardholder data across open, public networks ..... 21
Maintain a Vulnerability Management Program ..... 23
    Requirement 5: Use and regularly update anti-virus software or programs ..... 23
    Requirement 6: Develop and maintain secure systems and applications ..... 24
Implement Strong Access Control Measures ..... 28
    Requirement 7: Restrict access to cardholder data by business need-to-know ..... 28
    Requirement 8: Assign a unique ID to each person with computer access ..... 29
    Requirement 9: Restrict physical access to cardholder data ..... 33
Regularly Monitor and Test Networks ..... 36
    Requirement 11: Regularly test security systems and processes ..... 39
Maintain an Information Security Policy ..... 41
    Requirement 12: Maintain a policy that addresses information security for employees and contractors ..... 41
Appendix A: PCI DSS Applicability for Hosting Providers (with Testing Procedures) ..... 47
    Requirement A.1: Hosting providers protect cardholder data environment ..... 47
Appendix B – Compensating Controls ..... 49
    Compensating Controls – General ..... 49
    Compensating Controls for Requirement 3.4 ..... 49
Appendix C: Compensating Controls Completed Example/Worksheet ..... 50
    Example ..... 50
    Worksheet ..... 51
Security Audit Procedures v 1.1
2