PCI, as it is almost universally known,
was originally developed by MasterCard
and Visa through an alignment of
security requirements contained in the
MasterCard Site Data Protection Plan
(SDP) and two Visa programs, the
Cardholder Information Security Plan
(CISP) and the international Account
Information Security (AIS). In September
of 2006, a group of five leading payment
brands including American Express,
Discover Financial Services, JCB,
MasterCard Worldwide and Visa
International jointly announced
formation of the PCI Security Standards
Council, an independent council
established to manage ongoing evolution
of the PCI standard. Concurrent with the
announcement, the council released
version 1.1 of the PCI standard. Since
then it has rapidly become the ‘de-facto’
standard within the card industry for
both merchant and service provider.
While the newly-established PCI Security
Standards Council manages the
underlying data security standard,
compliance requirements are set
independently by individual payment
card brands. While requirements vary
between card networks, MasterCard’s
Site Data Protection Plan and Visa’s
Cardholder Information Security Program
are representative. They stipulate
separate compliance validation
requirements for merchants and service
providers, which vary depending on the
size of the company and its transaction /
business throughout.
PCI DSS is based on established best
practice for securing data (such as
ISO 27001) and applies to any parties
involved with the transfer or processing
of credit card data.
Its purpose is to ensure that confidential
cardholder account data is always secure
and comprises 12 key requirements:
1.Build and maintain a secure network
2.Protect cardholder data
3.Maintain a vulnerability management program
4.Implement strong access control measures
5.Regularly monitor and test networks
6.Maintain an information security policy
7.PCI validation requirements & ISO 27001 compliance requirements
8.Annual on-site security audits
9.PCI annual self-assessment questionnaire
10.Quarterly external network scans
11.PCI DSS Validation Enforcement Table
12.PCI and ISO 27001 - the comparisons
See 12 key requirements Detail
Back To Using ISO 27001 for PCI DSS Compliance Frist Page
Subscribe to:
Post Comments (Atom)
5 comments:
Great Article, I bookmarked your blog because I found very nice information on your blog, Thanks for sharing this.
Great information about PCI DSS Certification and services. Thank you so much.
PCI DSS in USA
Thanks for sharing beautiful articles. Its nice. ISO 27001 training OMAN
Excellent Blog. I really want to admire the quality of this post. I like the way of your presentation of ideas, views and valuable content.
ISO 27001 Certification Cost
Awsome post. Its very interesting to read this post. ISO 27000 Certification
Post a Comment