Where to Start with PCI Compliance: The PCI Compliance Checklist

TJ Quirk
Jul 23, 2015 2:14:02 PM

Navigating the complexities of PCI Compliance can be challenging and time consuming, especially if it is your first time going through the process. What do you need to do to become PCI compliant and what is your plan for getting started? These are questions that are often asked that create confusion and frustration for individuals and organizations alike. Thankfully we have created a simple, easy to follow PCI Compliance Checklist below that will point you in the right direction to get started:IT_Security

  • Install and Maintain a firewall to protect cardholder data
  • Do not use vendor supplied default passwords for network equipment. Change them immediately!
  • Protect cardholder data. If possible, do not store cardholder data on your network but if you must, make sure you use strong encryption methodologies to protect it
  • Encrypt the transmission of cardholder data across open and/or public networks
  • Use and update anti-virus software on all machines in the cardholder data environment (CDE)
  • Develop and maintain secure systems and applications, ensure vendor supplied security patches are installed
  • Restrict access to cardholder data by business necessity, allow as few individuals as possible to have access
  • Assign a unique ID to each person to monitor and log their activity in the cardholder data environment
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes through quarterly ASV scanning and annual penetration testing
  • Develop and maintain an information security policy and make sure your employees are trained on it regularly

There you have it, 12 steps to take to begin the process of becoming PCI Compliant. For a detailed listing of the 12 requirements for PCI compliance and specific steps to take, head to the PCI Security Standards Council website here for more information. For more information on how Compass can assist you in achieving or maintaining PCI Compliance, download our PCI Compliance brochure or contact us to schedule a free, no-risk evaluation.

Download Your PCI Compliance Brochure

You May Also Like

These Stories on PCI Compliance

Subscribe by Email

No Comments Yet

Let us know what you think