- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
This is the fifth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. To read the previous posts in this series, click on the links below:
*Requirement 5 – Protect all systems against malware and regularly update anti-virus software or programs*
Requirement 5 is the start of the Vulnerability management program section of the PCI requirements. This requirement used to be known as the “Windows AV” requirement but it has developed into much more. It seems simple enough, put AV on the endpoints in your PCI environment and make sure they scan and update regularly. That should be commonplace this day in age, but I assure you it's still a weak area in some cases. With the number of tools available and the constant reminders in the news and even on your computer itself, this should be an easy requirement to meet. Requirement 5 really pushes to make sure your AV/Malware tools are enabled, configured properly, updating regularly and scanning for the appropriate malware and viruses.
Companies that require PCI Compliance face some familiar challenges within this requirement:
These challenges are just some of the areas within the PCI DSS requirements that many of our client’s face. Another area where our client’s experience challenges is keeping track of the various requirements that must be completed on a quarterly, semi-annual, and annual basis for PCI Compliance. Therefore, Compass IT Compliance has created our PCI Compliance checklist, one for service providers and one for merchants. This simple, easy to use checklist gives you the PCI requirements, what you must do to achieve/maintain compliance, and how often you need to complete each requirement. To download your copy today, click on the button below!