PCI Compliance Checklist

The PCI Security Standards Council has outlined 12 requirements that are essential for PCI compliance.

A brief checklist of these 12 requirements is found below.  Please note that 1 Stop PCI Scan is an Approved Scanning Vendor and is able to assist businesses in complying with requirement 11, requiring quarterly external vulnerability scans every year.  We are also qualified to assist with penetration testing and internal vulnerability scanning.

A brief PCI Compliance checklist:

  1. Use a firewall between the public network and the payment card data.  Keep the firewall updated.
  2. Do not use vendor-supplied default passwords that come with network equipment or devices used in payment processing. Change the vendor-supplied passwords immediately.
  3. If you can at all avoid it, do not store cardholder data.  If you have a business need to keep cardholder data, ensure that is is protected through strong encryption.
  4. Use encryption to protect all transmission of cardholder data over any public network.
  5. Use antivirus software on all machines in the cardholder data environment and ensure that the software is updated.
  6. Check that your card processing applications and systems have vendor-supplied security patches installed.
  7. Limit access to cardholder data to as few individuals as possible.
  8. Assign a unique identification (ID) to each user so that everyone is accountable for their own actions in the cardholder data environment.
  9. Physical access to the cardholder data environment should be restricted.
  10. Monitor all access to the network and cardholder data environment.
  11. Regularly test your security systems and your network environment.  1 Stop PCI Scan is certified to assist in this requirement.
    Yearly penetration testing is required for many businesses. Click here for more information on this requirement.
    Quarterly external and internal scanning is required for many businesses.  Click here for more information on internal scanning.
  12. Maintain a security policy and ensure that all personnel are aware of the security policy.

Greater detail regarding PCI Compliance can be found at the PCI Security Standards website in the PCI DSS v3.0 document.