PCI DSS compliance

Build and Maintain a Secure Network
    Install and maintain a firewall configuration to protect cardholder data
        Ensure that firewalls are in place and properly configured
        Regularly review firewall and router configurations
    Do not use vendor-supplied defaults for system passwords and other security parameters
        Change default passwords and settings on all systems and applications
        Enforce strong password policies

Protect cardholder data
    Encrypt transmission of cardholder data across open, public networks
    Implement strong encryption for stored cardholder data

Maintain a vulnerability management program
    Use and regularly update anti-virus software
    Develop and maintain secure systems and applications

Implement strong access control measures
    Restrict access to cardholder data on a need-to-know basis
    Assign a unique ID to each person with computer access

Protect Cardholder Data
    Protect stored cardholder data
        Limit storage of cardholder data and ensure its security
        Implement data retention and disposal policies
    Encrypt transmission of cardholder data across open, public networks
        Use strong encryption protocols and secure communication channels
        Regularly test encryption mechanisms
    Maintain strict access control measures
        Restrict physical access to cardholder data storage areas
        Track and monitor all access to cardholder data

Maintain a Vulnerability Management Program
    Use and regularly update anti-virus software or programs
        Install and update anti-virus software on all systems commonly affected by malware
        Ensure that anti-virus software is actively running and regularly scanning
    Develop and maintain secure systems and applications
        Keep all systems and software up to date with the latest security patches
        Regularly test and evaluate security vulnerabilities

Implement Strong Access Control Measures
    Restrict access to cardholder data on a need-to-know basis
        Limit access to authorized personnel only
        Implement strong authentication mechanisms
    Assign a unique ID to each person with computer access
        Ensure that each individual has a unique user ID for system access
        Regularly review and revoke access for terminated employees
    Restrict physical access to cardholder data
        Implement physical access controls to prevent unauthorized entry
        Monitor and track physical access to sensitive areas

Regularly Monitor and Test Networks
    Track and monitor all access to network resources and cardholder data
        Implement logging mechanisms and review logs for suspicious activity
        Regularly monitor network traffic for anomalies
    Regularly test security systems and processes
        Conduct regular vulnerability scans and penetration tests
        Review and address any identified vulnerabilities or weaknesses

Maintain an Information Security Policy
    Maintain a policy that addresses information security for all personnel
        Develop and distribute a comprehensive information security policy
        Regularly educate and train employees on security policies and procedures
    Implement a formal security awareness program
        Promote security awareness through training and educational initiatives
        Regularly communicate security updates and best practices to employees