Introduction to PCI DSS Requirement 1

by KirkpatrickPrice / April 18th, 2017

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to do to become compliant. In this episode, Jeff Wilder walks us through PCI Requirement 1.

The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by the payment card brands to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally. Its purpose is to ensure that all of the data that lives within the Cardholder Data Environment (CDE) is protected and secured from theft or unauthorized use. If you are a merchant, service provider, or sub-service provider that stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS. The current version, PCI DSS 3.2, has approximately 394 controls, 6 control objectives, and 12 major subject areas. The 12 requirements are:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

PCI DSS Requirement 1

PCI DSS Requirement 1 states, “Install and maintain a firewall configuration to protect cardholder data.” Requirement 1 addresses building and maintaining a secure network. It requires your organization to control which inbound and outbound traffic is authorized in your environment. Requirement 1 also focuses on managing the changes that happen in your environment and on maintaining the supporting documentation and program. It is about enforcing strict rules about what traffic is allowed in and out of that environment, and about establishing a DMZ and limiting the traffic to only that which is necessary. We will explain the main topics of Requirement 1, such as firewalls, network traffic, controls, documentation, and more.
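To make the "deny by default, permit only what is necessary, and segment with a DMZ" idea concrete, here is an added illustrative nftables ruleset. It is not code from the KirkpatrickPrice post or from the PCI DSS itself; the interface names, subnets and host addresses are assumptions chosen for the example, and the ports are the placeholder services one might find in a small card-processing environment. Each permitted flow carries a comment stating its business justification, which is the kind of documentation an assessor expects to see alongside the ruleset, and anything not explicitly allowed is logged and dropped so unauthorized flows surface during rule reviews.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset (not from the original post).
# Assumed topology:
#   eth0 = Internet-facing uplink
#   eth1 = DMZ segment (public web tier)
#   eth2 = Cardholder Data Environment (payment application and database)
#   eth3 = management network
# All addresses below are placeholders chosen for this example.
define DMZ_WEB  = 10.10.0.10
define CDE_APP  = 10.20.0.10
define CDE_DB   = 10.20.0.20
define MGMT_NET = 10.30.0.0/24

flush ruleset

table inet cde_firewall {
    chain input {
        # Traffic to the firewall itself: deny unless explicitly allowed.
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # Justification: firewall administration from the management network only.
        iif eth3 ip saddr $MGMT_NET tcp dport 22 accept
    }

    chain forward {
        # Traffic crossing segments: deny unless explicitly allowed.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Justification: customers reach the public web tier over HTTPS only.
        # The Internet never has a direct path into the CDE; only the DMZ is reachable.
        iif eth0 oif eth1 ip daddr $DMZ_WEB tcp dport 443 accept

        # Justification: the web tier calls the payment application's API.
        # No rule exists from the DMZ to the database, so that path is denied.
        iif eth1 oif eth2 ip saddr $DMZ_WEB ip daddr $CDE_APP tcp dport 8443 accept

        # Justification: administrators reach CDE hosts from the management network.
        iif eth3 oif eth2 ip saddr $MGMT_NET ip daddr { $CDE_APP, $CDE_DB } tcp dport 22 accept

        # Outbound from the CDE to the Internet is intentionally not permitted:
        # with no matching accept rule, the chain policy drops it.

        # Log whatever falls through so denied flows are visible for periodic rule review.
        log prefix "CDE-FW-DROP " limit rate 10/second
    }
}
```

The two `policy drop;` lines carry the weight of the requirement: every permitted flow is a deliberate exception with a written reason, and removing a rule never widens access. The log statement has no verdict of its own, so after logging, the packet reaches the end of the chain and is dropped by the policy; reviewing those log entries during change management is how you discover undocumented traffic that someone will otherwise ask you to "just open up".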

Introduction to Requirement 1

So PCI DSS Requirement 1 is about maintaining a secure network. It’s about maintaining the authorized inbound and outbound traffic in and out of your environment. It’s about managing the changes that happen in that environment, maintaining the documentation, and maintaining the program. It’s also about maintaining strict rules about what traffic is allowed in and out of that environment. Lastly, it’s about establishing a DMZ and limiting the traffic only to that which is necessary.