Die wesentlichen Regelungen des Data Security Standard der Kredikartenindustrie (PCI DSS) für den Bereich Data Security sind:
1. Build and Maintain a Secure Network
-
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other
security parameters
2. Protect Cardholder Data
-
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Program
-
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures
-
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
-
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
6. Maintain an Information Security Policy
-
- Requirement 12: Maintain a policy that addresses information security
Weitere Informationen zum Data Security Standard der Kredikartenindustrie (PCI DSS) finden Sie hier.