2015 PCI Rules/Requirements ChangesRequirement - Build and Maintain a Secure Network and Systems
- Install and maintain a perimeter firewall to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security settings
- Protect stored cardholder data in a secure manner, preferably in encrypted format when stored.
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update your
- Restrict access to cardholder data by business need to know.
- Identify and authenticate access to system components (no more shared user ID’s and passwords!).
- Restrict physical access to cardholder data.
- Create an audit trail system to track and monitor all access to network resources and cardholder data.
- Regularly test your security systems and processes.
- Maintain a policy covering information security for all personnel and make sure all employees follow it.
- If you’re using a third party to process your credit card transaction, those shared hosting providers must protect the cardholder data environment and you should verify their compliance.
Jeff Hoffman is Chief Security Zealot at ACT Network Solutions, a leading IT security provider in Illinois. He can be reached at email@example.com. He is also the author of "Intruders At The Gate - Building an Effective Malware Defense System" which is available at Amazon.com.