PCI DSS PCI DSS 2.0.

Size: px

Start display at page:

Download "PCI DSS PCI DSS 2.0."

Mae Norris
7 years ago
Views:

1 D

2 PCI DSS 12 PCI DSS 20 PCI DSS D (C) PCI Security Standards Council LLC 2010 i

3 i (PCI DSS) iv vi vi PCI DSS vii viii D - 1 D 1 D PCI DSS D (C) PCI Security Standards Council LLC 2010 ii

4 PCI DSS 42 A PCI DSS D (C) PCI Security Standards Council LLC 2010 iii

5 DSS) (PCI PCI DSS (PCI DSS) - PCI DSS - (PCI DSS) - (PCI DSS) - 1 (PCI DSS) B - 1 (PCI DSS) C-VT - 1 (PCI DSS) - 1 (PCI DSS) D PCI DSS D 20 (PCI DSS) 2010 (C) PCI Security Standards Council LLC 2010 iv

6 - PCI DSS D 20 (PCI DSS) 2010 (C) PCI Security Standards Council LLC 2010 v

7 D - A C - ( ) - B - C-VT - - C - D - A-C D - A C - D D PCI DSS - PCI DSS PCI DSS C (C) PCI Security Standards Council LLC 2010 vi

8 PCI DSS 1 PCI DSS 2 D PCI DSS 3 ASV- (ASV Approved Scanning Vendor) PCI DSS 4 5 ASV- - ( - ) PCI DSS C (C) PCI Security Standards Council LLC 2010 vii

9 D PCI DSS ( ) 111 ( ( 63 65) POS- / ) PCI DSS C (C) PCI Security Standards Council LLC 2010 viii

10 - D - PCI DSS PCI DSS 1-1a URL- 1b URL- 2 - ( ) PCI DSS D (C) PCI Security Standards Council LLC

11 PCI DSS 2a ) ( - - 2b PABP/PA-DSS 3 PCI DSS D ( - ) PCI SSC Approved Scanning Vendor (ASV) ( - ) PCI DSS PCI SSC Approved Scanning Vendor (ASV) ( - ) PCI DSS 4 4-3a - PCI DSS D (C) PCI Security Standards Council LLC

12 D PCI DSS ( C) PCI DSS PCI DSS 2 CAV2 CVC2 CID CVV b PCI DSS ( ) ( ) PIN- PCI DSS D (C) PCI Security Standards Council LLC

13 PCI DSS 1 ( ) ( PCI DSS D (C) PCI Security Standards Council LLC

14 D PCI DSS PCI DSS 1 1a - URL- 1b URL- 2 PCI DSS 2a PCI DSS ( ) 3-D Secure PCI DSS D (C) PCI Security Standards Council LLC

15 - POS- - PCI DSS PCI DSS D (C) PCI Security Standards Council LLC

16 2b - PCI DSS 3-D Secure - POS- - 2c ( - ) 2d PABP/PA-DSS 3 PCI DSS D PCI SSC Approved Scanning Vendor (ASV) PCI DSS PCI DSS D (C) PCI Security Standards Council LLC

17 PCI SSC Approved Scanning Vendor (ASV) PCI DSS PCI DSS D (C) PCI Security Standards Council LLC

18 3a D PCI DSS ( C) PCI DSS PCI DSS 5 CAV2 CVC2 CID CVV b PIN- PCI DSS D (C) PCI Security Standards Council LLC

19 PCI DSS ( ) ( ) PCI DSS D (C) PCI Security Standards Council LLC

20 D PCI DSS PCI DSS 1 PCI DSS ( ) 113 (a) DMZ (a) ( HTTP SSL SSH VPN) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

21 PCI DSS 116 (a) FTP Telnet POP3 IMAP SMTP (a) / PCI DSS SAQ D (C) PCI Security Standards Council LLC

22 PCI DSS 131 DMZ IP- DMZ DMZ ( ) 137 ( ) DMZ 138 (a) IP- IP- Network Address Translation (NAT); - / ; ; RFC1918 IP- PCI DSS SAQ D (C) PCI Security Standards Council LLC

23 PCI DSS 14 (a) ) ( ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

24 2 PCI DSS 21 SNMP; 211 (a) (b) (c) - SNMP / 22 (a) (b) (CIS) SANS (NIST) (ISO) 62 ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

25 PCI DSS (c) (d) 221 (a) ( - DNS- ) ) ( 222 (a) ( ) SSH S-FTP SSL IPSec VPN NetBIOS Telnet FTP 223 (a) PCI DSS SAQ D (C) PCI Security Standards Council LLC

26 PCI DSS 23 SSL/TLS - SSH VPN (a) ( ) Telnet - 24 PCI DSS ( - ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

27 3 PCI DSS (a) Y X ( ) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

28 PCI DSS 32 (a) 321 ( ) 1 2 ; (PAN); ; 322 CVC ( - ) 323 (PIN) PIN- PCI DSS SAQ D (C) PCI Security Standards Council LLC

29 PCI DSS 33 PAN ( PAN 6 4) PAN POS- 34 PAN ( ) ( PAN) - ( PAN) One-Time-Pad ( ) (index tokens) PAN - PAN PAN 341 ( ) ) ( PCI DSS SAQ D (C) PCI Security Standards Council LLC

30 PCI DSS ( ) (a) 36 (a) (b) (c) PCI DSS SAQ D (C) PCI Security Standards Council LLC

31 PCI DSS ( ) NIST) ( (a) ( ) ( 366 ) (b) (c) ( 2-3 ) ) ( PCI DSS SAQ D (C) PCI Security Standards Council LLC

32 4 PCI DSS 41 (a) SSLTLS SSH IPSEC I DSS (b) (c) (d) ( ) (e) SSL/TLS URL- HTTPS URL- HTTPS 411 ( IEEE 80211i) 2010 WEP (a) PAN ( ) (b) PAN ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

33 5 PCI DSS ( ) 52 (a) (b) (c) (d) 107 PCI DSS 6 PCI DSS 61 (a) ( / ) ( ) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

34 PCI DSS ( ) 62 (a) 40 CVSS; 63 (a) (b) (c) PCI DSS ( (d) 631 ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

35 PCI DSS 632 ) ( 65 PCI DSS) ( ) ( - DSS ; 66 PCI ( PAN) PCI DSS SAQ D (C) PCI Security Standards Council LLC

36 PCI DSS (a) (a) 65 PCI DSS (a) ( OWASP SANS CWE Top 25 CERT ) (b) (c) PCI DSS PCI DSS SAQ D (C) PCI Security Standards Council LLC

37 PCI DSS 651 SQL- ( Xpath 652 ) LDAP ( ) 655 ( 656 ( 62 PCI DSS) ( ) 657 (XSS) ( - ) ) 658 ( URL ) ( ) 659 (CSRF) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

38 PCI DSS 66 - ) o o o ( o o - - PCI DSS SAQ D (C) PCI Security Standards Council LLC

39 7 PCI DSS ) ( ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

40 8 PCI DSS ( - ) RADIUS ; TACACS ( PCI DSS 82) ( ) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

41 PCI DSS 851 ) ( 852 ( ) ( ) (a) 90 PCI DSS SAQ D (C) PCI Security Standards Council LLC

42 PCI DSS (a) (a) (a) ( ) (a) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

43 PCI DSS ( ) ( ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

44 9 PCI DSS (a) POS- 912 (b) (c) ) 3 ( ( ) 913 / ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

45 PCI DSS 92 (a) (b) ( ) (a) PCI DSS SAQ D (C) PCI Security Standards Council LLC

46 PCI DSS 95 (a) (b) 96 ) ( 97 (a) (b) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

47 PCI DSS (a) ) ( 9102 PCI DSS SAQ D (C) PCI Security Standards Council LLC

48 10 PCI DSS 101 ( ) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

49 PCI DSS 104 (a) Protocol) (Network Time 1041 (a) Atomic Time) (UTC) (International 1042 (a) 1043 ( ) IP- ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

50 PCI DSS ( DNS ) 1055 ( ) (IDS) ( RADIUS) 107 (a) 3 11 PCI DSS ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

51 PCI DSS 111 (NAC) IDS/IPS WLAN ; ); ( USB ( IDS/IPS ) ( 129) PCI DSS SAQ D (C) PCI Security Standards Council LLC

52 PCI DSS 112 ) ( PCI DSS 1) 2) 3) PCI DSS 1121 (a) 62 PCI DSS ( QSA ASV ) 1122 (a) ASV- (ASV Program Guide) ( 40 (CVSS) ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

53 PCI DSS 1123 (a) SS (ASV) PCI ( ) 40 (CVSS); 62 PCI DSS ( QSA ASV ) 113 (a) (b) (c) - ) ( QSA ASV ) ( PCI DSS SAQ D (C) PCI Security Standards Council LLC

54 PCI DSS (a) 65 PCI DSS (b) IDS / IPS (c) 115 (a) ; ; ; PCI DSS SAQ D (C) PCI Security Standards Council LLC

55 PCI DSS (b) ( - ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

56 12 PCI DSS (a) PCI DSS ( 30) OCTAVE ISO NIST SP ( ) ( / ) ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

57 PCI DSS 123 ( ) PCI DSS PCI DSS SAQ D (C) PCI Security Standards Council LLC

58 PCI DSS (a) 1261 ( ) PCI DSS SAQ D (C) PCI Security Standards Council LLC

59 PCI DSS ( ) PCI DSS (a) (b) ; ; ; PCI DSS SAQ D (C) PCI Security Standards Council LLC

60 PCI DSS ; ; ; / PCI DSS SAQ D (C) PCI Security Standards Council LLC

61 PCI DSS A1 PCI DSS A1 ( - ) A11 A14 - PCI DSS - PCI DSS PCI DSS A11 - CGI- A12 (a) / ( / ) ( ) PCI DSS D (C) PCI Security Standards Council LLC

62 PCI DSS ( chroot jailshell ) ( ) A13 10 PCI DSS ( - ) A14 PCI DSS D (C) PCI Security Standards Council LLC

63 PCI DSS - 1 PCI DSS 2 PCI DSS ( PCI DSS PCI DSS) 3 ( PCI DSS ) ) ) a) PCI DSS PCI DSS PCI DSS b) PCI DSS 1) ; 2) c) PCI DSS ) 34 ( 1) ; 2) IP- MAC- ; 3) 4 PCI DSS; PCI DSS C (C) PCI Security Standards Council LLC

64 PCI DSS PCI DSS C (C) PCI Security Standards Council LLC

65 ) ( 5 6 PCI DSS C 20 C 2010 (C) PCI Security Standards Council LLC

66 81 1 XYZ Unix- LDAP- ( root ) root SU SU 5 XYZ SU root 6 XYZ PCI DSS C 20 C 2010 (C) PCI Security Standards Council LLC SU

67 root PCI DSS C 20 C 2010 (C) PCI Security Standards Council LLC

68 / 931 PCI DSS B (C) PCI Security Standards Council LLC

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other SAQ-Eligible Merchants and Service Providers Version 2.0 October 2010 Document