Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | Compliance Standard |
| gptkbp:appliesTo | Merchants |
| gptkbp:appliesTo | Service providers |
| gptkbp:appliesTo | Organizations handling payment card data |
| gptkbp:enforcedBy | Acquiring banks |
| gptkbp:enforcedBy | Payment brands |
| gptkbp:governedBy | gptkb:PCI_Security_Standards_Council |
| gptkbp:hasVersion | 4.0 |
| https://www.w3.org/2000/01/rdf-schema#label | PCI DSS Compliance |
| gptkbp:introducedIn | 2004 |
| gptkbp:penalty | Fines |
| gptkbp:penalty | Increased transaction fees |
| gptkbp:penalty | Termination of ability to process card payments |
| gptkbp:purpose | Protect cardholder data |
| gptkbp:relatedStandard | gptkb:PA-DSS |
| gptkbp:relatedStandard | gptkb:PCI_PIN_Security_Requirements |
| gptkbp:relatedStandard | gptkb:PCI_PTS |
| gptkbp:requires | Multi-factor authentication |
| gptkbp:requires | Risk assessments |
| gptkbp:requires | Vulnerability management |
| gptkbp:requires | Security awareness training |
| gptkbp:requires | Physical security controls |
| gptkbp:requires | Vendor management |
| gptkbp:requires | Access control measures |
| gptkbp:requires | Change management procedures |
| gptkbp:requires | Documentation of policies and procedures |
| gptkbp:requires | Encryption of cardholder data |
| gptkbp:requires | Incident response plan |
| gptkbp:requires | Information security policy |
| gptkbp:requires | Retention and disposal policies for cardholder data |
| gptkbp:requires | Logging and monitoring of access |
| gptkbp:requires | Maintenance of secure systems and applications |
| gptkbp:requires | Masking of PAN when displayed |
| gptkbp:requires | Network security controls |
| gptkbp:requires | Protection against malware |
| gptkbp:requires | Protection of stored cardholder data |
| gptkbp:requires | Regular monitoring and testing |
| gptkbp:requires | Regular testing of security systems |
| gptkbp:requires | Restriction of access to cardholder data |
| gptkbp:requires | Review of user access rights |
| gptkbp:requires | Secure development processes |
| gptkbp:requires | Segmentation of networks |
| gptkbp:requires | Timely installation of security patches |
| gptkbp:requires | Unique IDs for users |
| gptkbp:requires | Secure transmission of cardholder data over open networks |
| gptkbp:scope | Cardholder data environment |
| gptkbp:type | On-site assessment by Qualified Security Assessor |
| gptkbp:type | Self-assessment questionnaire |
| gptkbp:bfsParent | gptkb:Fortinet_FortiWeb |
| gptkbp:bfsLayer | 5 |
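The table's "Masking of PAN when displayed" and "Logging and monitoring of access" requirements meet in practice wherever application logs are written: a full PAN landing in a log file turns the log store into part of the cardholder data environment. The following is an added example, not content from the knowledge-graph page or from the PCI Security Standards Council. It assumes the PCI DSS 4.0 Requirement 3.4.1 display rule (at most the BIN and the last four digits may be shown; the default 6-digit BIN length here is an assumption, 8-digit BINs exist), and it assumes a heuristic of its own: any run of 13 to 19 digits that passes the Luhn check is treated as a PAN and masked, while digit runs that fail Luhn (order numbers, timestamps) are left alone. The function names, the regex and the sample log line are constructed for this example; the card numbers in it are widely published test numbers, not real accounts.

```python
"""PAN masking and log-line scrubbing (added example, not from the page).

Assumption: PCI DSS 4.0 Req. 3.4.1 display rule, BIN (first 6 digits by
default) plus last 4 digits are the maximum that may be shown.
"""
import re

# Heuristic (assumption of this example): 13-19 digits, each digit optionally
# followed by a single space or dash, not embedded in a longer digit run.
_PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")

# Constructed sample log line. 4111111111111112 fails Luhn and must survive;
# the other two are well-known test card numbers and must be masked.
SAMPLE_LOG_LINE = (
    "order=4111111111111112 pan=4111 1111 1111 1111 mc=5500000000000004"
)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Passing Luhn does not prove the value is a PAN; it only filters out
    most random digit runs before we mask anything.
    """
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits
        total += d
    return total % 10 == 0


def mask_pan(pan: str, bin_length: int = 6, keep_last: int = 4,
             fill: str = "*") -> str:
    """Mask a PAN for display: keep the BIN and last four, fill the rest.

    Separators (spaces, dashes) are stripped before masking. Raises
    ValueError for inputs that are not PAN-length or that a caller's
    bin_length/keep_last choice would leave effectively unmasked.
    """
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN-length digit string")
    if bin_length + keep_last >= len(digits):
        raise ValueError("bin_length + keep_last would reveal the whole PAN")
    hidden = len(digits) - bin_length - keep_last
    return digits[:bin_length] + fill * hidden + digits[-keep_last:]


def scrub_log_line(line: str, bin_length: int = 6) -> str:
    """Replace every Luhn-valid PAN candidate in a log line with its mask.

    Candidates that fail Luhn are returned unchanged so that order IDs and
    similar numbers are not silently rewritten.
    """
    def _replace(match: "re.Match[str]") -> str:
        candidate = match.group(0)
        digits = re.sub(r"[ -]", "", candidate)
        if luhn_valid(digits):
            return mask_pan(digits, bin_length=bin_length)
        return candidate

    return _PAN_CANDIDATE.sub(_replace, line)


if __name__ == "__main__":
    print(scrub_log_line(SAMPLE_LOG_LINE))
```

Run against the constructed line, the order number is untouched, the spaced Visa test number becomes `411111******1111` and the Mastercard test number becomes `550000******0004`. Scrubbing at write time is a mitigation, not a substitute for keeping PANs out of log statements in the first place; a 13-digit value masked with an 8-digit BIN leaves only one hidden digit, which is why `mask_pan` rejects parameter combinations that would reveal everything.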