The 12 requirements, as defined in version 1.1 of the standard issued in September 2006, are grouped under six control objectives and listed below.
| Control objective | Requirement |
|---|---|
| Build and Maintain a Secure Network | 1: Install and maintain a firewall configuration to protect cardholder data |
| | 2: Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3: Protect stored cardholder data |
| | 4: Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5: Use and regularly update anti-virus software |
| | 6: Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7: Restrict access to cardholder data by business need-to-know |
| | 8: Assign a unique ID to each person with computer access |
| | 9: Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10: Track and monitor all access to network resources and cardholder data |
| | 11: Regularly test security systems and processes |
| Maintain an Information Security Policy | 12: Maintain a policy that addresses information security |