In an ultra-competitive marketplace, how do you turn the need to protect sensitive cardholder data into a business advantage? Just follow these six steps from the PCI Security Council to simplify compliance and streamline your business operations.
1. Build and Maintain a Secure Network
- Deploy a secure firewall
- Avoid using vendor defaults
- Micro-segment cardholder data from other types of data
2. Protect Cardholder Data
- Avoid storing cardholder data directly on your network
- Implement the latest cryptography tools
- Encrypt all in-transit and stored cardholder data
3. Maintain a Vulnerability Management Program
- Use the latest anti-virus software to prevent malware attacks
- Regularly update your operating systems
- Tightly secure all networks, systems, and applications
4. Implement Strong Access Control Measures
- Limit employee access to cardholder data on a need-to-know basis
- Identify and authenticate all access to system components
- Restrict physical access to cardholder data systems
5. Regularly Monitor and Test Your Networks
- Monitor access to network resources and cardholder data
- Regularly test your security systems and processes
- Ensure that you have a clear audit trail
6. Maintain an Information Security Policy
- Show employees and contractors how to protect cardholder data
- Deploy clear security policies for all personnel
- Conduct ongoing training
Learn more at www.pcisecuritystandards.org.
