While having only 12 requirements might make PCI DSS seem like a simple standard, each requirement is incredibly important and, if you aren’t paying attention, can specify practices you aren’t implementing. In the case of the third requirement, this could mean that you’re not actually protecting the most critical data that is in your possession–that is, the private and financial information of your customers. 

Therefore, if you want to avoid scandal, fraud, and the loss of your customers’ trust, you must follow the third PCI DSS requirement. With the continued launch of PCI DSS 4.0, we’re now moving on to a discussion of the third PCI DSS requirement.

Read More

Previously, we discussed preparing for the new PCI DSS 4.0 standard and how to wrap your head around the first requirement–network and system security. The following requirement moves on to another critically important aspect of compliance and security–configuration management. 

Here, we’ll break down the concept of configuration management in PCI DSS and how this is spelled out in the Second Requirement.

Read More

PCI DSS compliance is verifying that your systems, those that handle personal and cardholder information, meet all the expectations of the 12 requirements of the standard. These requirements describe security and privacy controls to protect against modern threats and vulnerabilities and call for both attention to implementing controls and maintaining long-term best practices. 

The best way to understand expectations under PCI DSS is to walk through the requirements and what they say about security. Here, we’ll touch on the first requirement: Install and maintain security controls.

Read More