PCI DSS Compliance

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf Compliance Standard
gptkbp:appliesTo Merchants
    Service providers
    Organizations handling payment card data
gptkbp:enforcedBy Acquiring banks
    Payment brands
gptkbp:governedBy gptkb:PCI_Security_Standards_Council
gptkbp:hasVersion 4.0
https://www.w3.org/2000/01/rdf-schema#label PCI DSS Compliance
gptkbp:introducedIn 2004
gptkbp:penalty Fines
    Increased transaction fees
    Termination of ability to process card payments
gptkbp:purpose Protect cardholder data
gptkbp:relatedStandard gptkb:PA-DSS
    gptkb:PCI_PIN_Security_Requirements
    gptkb:PCI_PTS
gptkbp:requires Multi-factor authentication
    Risk assessments
    Vulnerability management
    Security awareness training
    Physical security controls
    Vendor management
    Access control measures
    Change management procedures
    Documentation of policies and procedures
    Encryption of cardholder data
    Incident response plan
    Information security policy
    Retention and disposal policies for cardholder data
    Logging and monitoring of access
    Maintenance of secure systems and applications
    Masking of PAN when displayed
    Network security controls
    Protection against malware
    Protection of stored cardholder data
    Regular monitoring and testing
    Regular testing of security systems
    Restriction of access to cardholder data
    Review of user access rights
    Secure development processes
    Segmentation of networks
    Timely installation of security patches
    Unique IDs for users
    Secure transmission of cardholder data over open networks
gptkbp:scope Cardholder data environment
gptkbp:type On-site assessment by Qualified Security Assessor
    Self-assessment questionnaire
gptkbp:bfsParent gptkb:Fortinet_FortiWeb
gptkbp:bfsLayer 5