PCI DSS Compliance

URI: https://gptkb.org/entity/PCI_DSS_Compliance

GPTKB entity

Statements (50)

Predicate	Object
gptkbp:instanceOf	Compliance Standard
gptkbp:appliesTo	Merchants Service providers Organizations handling payment card data
gptkbp:enforcedBy	Acquiring banks Payment brands
gptkbp:governedBy	gptkb:PCI_Security_Standards_Council
gptkbp:hasVersion	4.0
https://www.w3.org/2000/01/rdf-schema#label	PCI DSS Compliance
gptkbp:introducedIn	2004
gptkbp:penalty	Fines Increased transaction fees Termination of ability to process card payments
gptkbp:purpose	Protect cardholder data
gptkbp:relatedStandard	gptkb:PA-DSS gptkb:PCI_PIN_Security_Requirements gptkb:PCI_PTS
gptkbp:requires	Multi-factor authentication Risk assessments Vulnerability management Security awareness training Physical security controls Vendor management Access control measures Change management procedures Documentation of policies and procedures Encryption of cardholder data Incident response plan Information security policy Retention and disposal policies for cardholder data Logging and monitoring of access Maintenance of secure systems and applications Masking of PAN when displayed Network security controls Protection against malware Protection of stored cardholder data Regular monitoring and testing Regular testing of security systems Restriction of access to cardholder data Review of user access rights Secure development processes Segmentation of networks Timely installation of security patches Unique IDs for users Secure transmission of cardholder data over open networks
gptkbp:scope	Cardholder data environment
gptkbp:type	On-site assessment by Qualified Security Assessor Self-assessment questionnaire
gptkbp:bfsParent	gptkb:Fortinet_FortiWeb
gptkbp:bfsLayer	5