
PCI DSS Requirements Overview


By Michael J - Posted on 24 January 2012

Here are the requirements for all levels of PCI compliance. Loganville Linux is currently certified to Self-Assessment Questionnaire A v2.0.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data. 
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel.
 

Eligibility to Complete SAQ A

  • Loganville Linux does not store, process, or transmit any cardholder data on merchant premises but relies entirely on third party service provider(s) to handle these functions;
  • The third party service provider(s) handling storage, processing, and/or transmission of cardholder data is confirmed to be PCI DSS compliant;
  • Loganville Linux does not store any cardholder data in electronic format;
     

Required Policies for Self-Assessment Questionnaire A