PCI-DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled in 2004 by the Payment Card Industry Security Standards Council.
The standard was created to help organizations that process card payments prevent credit card fraud through increased controls on data. The standard applies to all organizations which hold, process, or pass credit card information.
IBM i Complying with PCI-DSS
PCI-DSS consists of 12 requirements within six categories that cover best security practices. Here is a summary of these requirements, focusing on the relevant items to IBM i security.
- Build and Maintain a Secure Network
- Configure a Firewall
- Passwords and Parameters
- Protect Cardholder Data
- Protect Stored Data
- Encrypt Transmission
- Maintain a Vulnerability Management Program
- Antivirus
- Secure Systems and Apps
- Implement Strong Access Control Measures
- Restrict Access
- Assign Unique ID
- Restrict Physical
- AccessRegularly Monitor and Test Networks
- Monitor Access
- Test Security
- Maintain an Information Security Policy
- Maintain a Policy