PCI DSS Compliance Documentation
Comprehensive guide to Payment Card Industry Data Security Standard requirements and implementation
PCI DSS Compliance
Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
Requirements Overview
PCI DSS consists of 12 main requirements organized into 6 goals:
Build and Maintain a Secure Network
- Requirement 1: Install and maintain network security controls
- Requirement 2: Apply secure configurations
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Protect cardholder data during transmission
Maintain a Vulnerability Management Program
- Requirement 5: Protect systems against malware
- Requirement 6: Develop secure systems and software
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data
- Requirement 8: Identify and authenticate access
- Requirement 9: Restrict physical access
Regularly Monitor and Test Networks
- Requirement 10: Log and monitor access
- Requirement 11: Test security systems
Maintain an Information Security Policy
- Requirement 12: Support information security with organizational policies and programs
Navigating This Documentation
Use the sidebar to explore specific requirements and their sub-requirements. Each section includes:
- Detailed technical specifications
- Implementation guidance
- Testing procedures
- SAQ (Self-Assessment Questionnaire) applicability