PCI DSS Flashcards
1
Q
What does PCI DSS stand for?
A
Payment Card Industry Data Security Standard
2
Q
What is PCI DSS?
A
Proprietary standard for organisations who handle payment cards associated with: Visa, MasterCard, American Express, etc.
3
Q
Who administers the PCI standard?
A
Payment Card Industry Security Standards Council
4
Q
Who performs validation compliance?
A
A Qualified Security Assessor (QSA), who creates a Report Of Compliance (ROC), or through a Self Assessment Questionnaire (SAQ).
5
Q
What is the latest version?
A
Version 3.1, released in 2015.
6
Q
How many requirements are specified by the standard?
A
12 requirements, organised into 6 groups of control objectives.
7
Q
What are the control objectives?
A
- Build an maintain a secure network (firewalls and default passwords).
- Protect card holder data (storage and transmission).
- Maintain a vulnerability management programme (AV and secure development).
- Implement strong access control measures (need to know, unique ID, physical access).
- Regularly monitor and test networks (monitor access, test systems).
- Maintain an information security policy (policy).
8
Q
What kind of supplementary information is provided?
A
- Penetration testing
- Code reviews and firewall management.
- PCI DSS wireless guidelines.
- Call centre management - can’t digitally record conversations that include card numbers.
