PCI DSS

These security standards are set by the Payment Card Industry Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.) to protect cardholder data.

PCI DSS governs all merchants and organizations that store, process, or transmit this data. This includes banks, processors, developers, and point of sale vendors. If your business accepts or processes payment cards, it must comply with the PCI DSS.

PCI DSS contains 12 requirements, which come down to the following common-sense steps:

  1. Protect your system with firewalls

  2. Configure passwords and settings 

  3. Protect stored cardholder data

  4. Encrypt transmission of cardholder data across open, public networks

  5. Use and regularly update anti-virus software

  6. Regularly update and patch systems

  7. Restrict access to cardholder data by business need to know

  8. Assign a unique ID to each person with computer access

  9. Restrict physical access to workplace and cardholder data

  10. Implement logging and log management 

  11. Conduct vulnerability scans and penetration tests

  12. Documentation and risk assessments

The Council provides programs for two kinds of certifications: Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). QSAs have trained personnel and processes to assess and validate compliance with PCI DSS. ASVs provide commercial software tools to assess your systems. In addition, a self-assessment questionnaire is specified for various business situations.

Non-PCI compliant merchants and payment processors can face fines from $5,000 to $100,000 per month, depending on a variety of factors.

CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the PCI DSS requirements. CyGov has mapped PCI DSS back to its control inventory, allowing data to be shared across multiple frameworks through the platform, which saves time and money and produces more accurate data. Through the CyGov platform, organizations can gain full visibility into their cyber risk levels and compliance.


© 2020 by CyGov Tech