PCI Compliance Security
Information Security

Where to Start with PCI Compliance: The PCI Compliance Checklist

TJ Quirk
by TJ Quirk
2 min read
July 23, 2015 at 2:14 PM

Navigating the complexities of PCI Compliance can be challenging and time consuming, especially if it is your first time going through the process. What do you need to do to become PCI compliant and what is your plan for getting started? These are questions that are often asked that create confusion and frustration for individuals and organizations alike. Thankfully we have created a simple, easy to follow PCI Compliance Checklist below that will point you in the right direction to get started:IT_Security

  • Install and Maintain a firewall to protect cardholder data
  • Do not use vendor supplied default passwords for network equipment. Change them immediately!
  • Protect cardholder data. If possible, do not store cardholder data on your network but if you must, make sure you use strong encryption methodologies to protect it
  • Encrypt the transmission of cardholder data across open and/or public networks
  • Use and update anti-virus software on all machines in the cardholder data environment (CDE)
  • Develop and maintain secure systems and applications, ensure vendor supplied security patches are installed
  • Restrict access to cardholder data by business necessity, allow as few individuals as possible to have access
  • Assign a unique ID to each person to monitor and log their activity in the cardholder data environment
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes through quarterly ASV scanning and annual penetration testing
  • Develop and maintain an information security policy and make sure your employees are trained on it regularly

There you have it, 12 steps to take to begin the process of becoming PCI Compliant. For a detailed listing of the 12 requirements for PCI compliance and specific steps to take, head to the PCI Security Standards Council website here for more information. For more information on how Compass can assist you in achieving or maintaining PCI Compliance, download our PCI Compliance brochure or contact us to schedule a free, no-risk evaluation.

Download Your PCI Compliance Brochure

Contact Us
Previous story
← What is a PCI ROC?
Next story
IT Auditing and IT Risk Assessment: What's the Difference? →
PCI Compliance and the Transition to EMV
PCI Compliance

PCI Compliance and the Transition to EMV

October 8, 2015 at 11:19 AM 3 min read
Top PCI Compliance Myths Debunked
PCI Compliance

Top PCI Compliance Myths Debunked

September 1, 2015 at 10:00 AM 2 min read
PCI Compliance Checklist - A Tool to Help You Monitor Your Compliance
PCI Compliance Checklist Blog Post.png
PCI Compliance

PCI Compliance Checklist - A Tool to Help You Monitor Your Compliance

November 16, 2017 at 9:49 AM 3 min read

Get Email Notifications

No Comments Yet

Let us know what you think