Payment Card Industry (PCI) Data Security Standard: Self-Assessment Questionnaire D and Attestation of Compliance, Version 2.0 (2010)


Document changes
1 October 2008, version 1.2: content aligned with PCI DSS v1.2 (minor changes since version 1.1).
28 October 2010, version 2.0: content aligned with the requirements and testing procedures of PCI DSS v2.0.
(C) PCI Security Standards Council LLC 2010

Contents
Document changes ... i
PCI Data Security Standard: related documents ... iv
Before you begin: selecting the questionnaire ... vi
Completing the Self-Assessment Questionnaire ... vi
PCI DSS compliance: completion steps ... vii
Guidance for non-applicability of certain, specific requirements ... viii
Attestation of Compliance, SAQ D (merchants) ... 1
Attestation of Compliance, SAQ D (service providers) ... 1
Self-Assessment Questionnaire D
Requirement 1 ... 1
Requirement 2 ... 5
Requirement 3 ... 8
Requirement 4 ... 13
Requirement 5 ... 14
Requirement 6 ... 14
Requirement 7 ... 20
Requirement 8 ... 21
Requirement 9 ... 25
Requirement 10 ... 29
Requirement 11 ... 31
Requirement 12 ... 37
Appendix A: Additional PCI DSS requirements for shared hosting providers (A.1) ... 42
Appendix B: Compensating controls ... 44
Appendix C: Compensating controls worksheet ... 46
Appendix C: Compensating controls worksheet, completed example ... 47
Appendix D: Explanation of non-applicability ... 49

PCI Data Security Standard: related documents
(Table; only the labels survived extraction.) It lists the documents that accompany this questionnaire: the PCI DSS Requirements and Security Assessment Procedures, the supporting PCI DSS navigation guide and glossary, the instructions and guidelines for the self-assessment questionnaires, and the questionnaires themselves, SAQ A, SAQ B, SAQ C-VT, SAQ C and SAQ D, each with its Attestation of Compliance.

Before you begin: selecting the questionnaire
(Table; only the column labels survived extraction.) The five questionnaires and the entities they apply to: SAQ A (card-not-present merchants with all cardholder data functions outsourced); SAQ B (imprint-only merchants or merchants with standalone dial-out terminals, no electronic cardholder data storage); SAQ C-VT (merchants using web-based virtual terminals, no electronic cardholder data storage); SAQ C (merchants with payment application systems connected to the Internet, no electronic cardholder data storage); SAQ D (all merchants not included in SAQ A through SAQ C, and all service providers eligible to complete an SAQ).

PCI DSS compliance: completion steps
1. Assess your environment for compliance with the PCI DSS.
2. Complete Self-Assessment Questionnaire D according to the SAQ instructions and guidelines.
3. Complete a passing vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV) and obtain evidence of the passing scan from the ASV.
4. Complete the Attestation of Compliance in its entirety.
5. Submit the SAQ, the evidence of a passing scan and the Attestation of Compliance, together with any other requested documentation, to your acquirer (merchants) or to the payment brand or other requester (service providers).

Guidance for non-applicability of certain, specific requirements
(Most of this page was lost in extraction; the requirement numbers it cites survive.) Wireless: requirements 1.2.3, 2.1.1 and 4.1.1 need not be evidenced by an organization that uses no wireless technology in any capacity; 11.1 (testing for unauthorized wireless access points) is cited alongside them and still applies. The page also cites 6.3 and 6.5 together (secure application development) and 9.1 to 9.4 together with POS terminals; the explanatory text around those citations did not survive.

Attestation of Compliance, SAQ D (merchants)
Part 1. Merchant and Qualified Security Assessor information: 1a merchant organization (company name, contact, title, telephone, e-mail, business address, URL); 1b QSA company (the same fields, including URL).
Part 2. Type of merchant business: 2a business type and payment channels (check all that apply); 2b payment application(s) in use, version, and whether each is PABP/PA-DSS validated.
Part 3. PCI DSS validation: eligibility to complete SAQ D; assessment date and result (Compliant, or Non-compliant with a target date); confirmation that a passing scan by a PCI SSC Approved Scanning Vendor (ASV) was obtained; 3a merchant acknowledgment (numbered items 1 to 4; the items on sensitive authentication data name full track data, CAV2/CVC2/CID/CVV2 and PIN as data that is not stored after authorization); 3b signatures of the merchant executive officer and, if applicable, the QSA.
Part 4. Action plan for non-compliant status: for each of PCI DSS Requirements 1 to 12, compliant (Yes/No), remediation date and actions.

Attestation of Compliance, SAQ D (service providers)
Part 1. Service provider and Qualified Security Assessor information: 1a service provider organization (contact details and URL); 1b QSA company (contact details and URL).
Part 2. PCI DSS assessment information: 2a services provided that are covered by this assessment (check all that apply; the list includes a 3-D Secure access control server and POS/card-present services among others); 2b services provided that are not covered by this assessment (the same list); 2c (heading not recovered); 2d payment application(s) in use and PABP/PA-DSS validation status.
Part 3. PCI DSS validation: eligibility to complete SAQ D; assessment date and status (Compliant, or Non-compliant with a target date); confirmation of a passing ASV scan; 3a service provider acknowledgment (numbered items 1 to 7; items 5 to 7 concern sensitive authentication data: full track data, CAV2/CVC2/CID/CVV2 and PIN); 3b signatures.
Part 4. Action plan for non-compliant status: for each of PCI DSS Requirements 1 to 12, compliant (Yes/No), remediation date and actions.

Self-Assessment Questionnaire D

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Items present in the extracted page (the question text itself did not survive): 1.1; 1.1.1; 1.1.2; 1.1.3 (DMZ); 1.1.4; 1.1.5 (services named: HTTP, SSL, SSH, VPN); 1.1.6 (insecure services named: FTP, Telnet, POP3, IMAP, SMTP); 1.2; 1.2.1 (a)-(b); 1.2.2; 1.2.3; 1.3; 1.3.1 (DMZ); 1.3.2 (inbound Internet traffic limited to IP addresses within the DMZ); 1.3.3; 1.3.4; 1.3.5; 1.3.6; 1.3.7 (DMZ); 1.3.8 (a) (methods for preventing disclosure of private IP addresses: Network Address Translation (NAT), two further methods whose text was lost, and internal use of RFC 1918 address space); 1.4 (a).

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Items present in the extracted page: 2.1 (vendor defaults changed before installation; SNMP community strings named among them); 2.1.1 (a)-(c) (wireless defaults, including SNMP community strings); 2.2 (a)-(d) (configuration standards based on industry-accepted hardening standards: CIS, SANS, NIST, ISO; updated as new vulnerabilities are identified, see 6.2); 2.2.1 (a) (one primary function per server; DNS given as an example); 2.2.2 (a) (only necessary services enabled; secure services named: SSH, S-FTP, SSL, IPSec VPN; insecure services named: NetBIOS, Telnet, FTP); 2.2.3 (a); 2.2.4; 2.3 (a) (non-console administrative access encrypted with SSL/TLS, SSH or VPN; Telnet not used for administration); 2.4 (shared hosting providers protect each hosted entity's environment, see Appendix A).

Requirement 3: Protect stored cardholder data
Items present in the extracted page: 3.1 and 3.1.1 (a) (data retention and disposal policy); 3.2 (a) and 3.2.1 (full contents of any track from track 1 or track 2, including name, PAN and service code, not stored after authorization); 3.2.2 (card verification code, CVC); 3.2.3 (PIN and encrypted PIN block); 3.3 (PAN masked when displayed: at most the first six and last four digits; POS receipts mentioned); 3.4 (PAN rendered unreadable anywhere it is stored, using one-way hashes based on strong cryptography, truncation, index tokens and pads (pads, including one-time pads, securely stored), or strong cryptography with key management); 3.4.1 (disk encryption); 3.5, 3.5.1, 3.5.2 (a) (protection of cryptographic keys); 3.6 (a)-(c) and 3.6.1 to 3.6.8 (key management: generation, distribution, storage, key changes at the end of the cryptoperiod (NIST SP 800-57 cited), retirement or replacement of weakened or compromised keys, split knowledge and dual control (two or three people), prevention of unauthorized key substitution, custodian acknowledgment).
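A worked example for 3.3 and 3.4, added here and not part of the PCI SSC document: it masks and truncates a PAN and then shows why an unkeyed one-way hash stops being one-way in practice once a masked or truncated copy of the same PAN exists in the environment (only six digits remain unknown, and the Luhn check digit discards nine-tenths of those), and why a keyed hash (HMAC with a key managed under 3.5 and 3.6) does not share that weakness. The sample PAN is the public Visa test number, not a real card; the function names and the attack routine are this example's own.

```python
"""PCI DSS 3.3 / 3.4 example (added; not from the SAQ): masking, truncation,
and the weakness of an unkeyed hash when a masked copy of the PAN coexists."""
import hashlib
import hmac
import itertools
import secrets
from typing import Callable, Optional

# Constructed sample: the well-known Visa test PAN (Luhn-valid), not a real card.
SAMPLE_PAN = "4111111111111111"
_DOUBLED = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]   # Luhn: 2*d with digits summed


def luhn_valid(pan: str) -> bool:
    """Luhn check (ISO/IEC 7812): every second digit from the right is doubled."""
    digits = [int(c) for c in pan]
    return (sum(digits[-1::-2]) + sum(_DOUBLED[d] for d in digits[-2::-2])) % 10 == 0


def mask_pan(pan: str) -> str:
    """3.3: when displayed, show at most the first six and the last four digits."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> str:
    """3.4 truncation: only the first six and last four are kept; the rest is gone."""
    return pan[:6] + pan[-4:]


def unkeyed_hash(pan: str) -> str:
    """Plain SHA-256 of the PAN. One-way on paper; see recover_pan()."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_hash(pan: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key kept per Requirements 3.5 and 3.6."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def recover_pan(masked: str, digest: str, hash_fn: Callable[[str], str]) -> Optional[str]:
    """Attacker's view: given a masked PAN and a hash of the full PAN, try every
    Luhn-valid completion of the hidden digits. Six hidden digits give at most
    10**6 candidates, about 10**5 after the Luhn filter: seconds of work."""
    first, last = masked[:6], masked[-4:]
    hidden = len(masked) - 10
    for middle in itertools.product("0123456789", repeat=hidden):
        candidate = first + "".join(middle) + last
        if luhn_valid(candidate) and hash_fn(candidate) == digest:
            return candidate
    return None


def demo() -> dict:
    key = secrets.token_bytes(32)               # never stored beside the hashes
    masked = mask_pan(SAMPLE_PAN)
    # An unkeyed hash stored next to a masked copy is reversed by enumeration.
    cracked = recover_pan(masked, unkeyed_hash(SAMPLE_PAN), unkeyed_hash)
    # Against an HMAC the attacker, lacking the key, can only compute unkeyed
    # hashes of the candidates, so the same enumeration finds nothing.
    not_cracked = recover_pan(masked, keyed_hash(SAMPLE_PAN, key), unkeyed_hash)
    return {
        "masked": masked,
        "truncated": truncate_pan(SAMPLE_PAN),
        "unkeyed_hash_recovered": cracked == SAMPLE_PAN,
        "keyed_hash_recovered": not_cracked is not None,
    }


if __name__ == "__main__":
    print(demo())
```

A per-record salt stored beside the hash does not change the picture: the attacker still enumerates roughly 10**5 candidates per record. The fix is a secret key (HMAC, or a tokenization service holding the key), kept apart from the hashed data under the key-management controls of 3.5 and 3.6.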

Requirement 4: Encrypt transmission of cardholder data across open, public networks
Items present in the extracted page: 4.1 (a)-(e) (strong cryptography and security protocols such as SSL/TLS, SSH or IPSEC for transmission over open, public networks; for SSL/TLS, HTTPS appears in the browser URL); 4.1.1 (wireless networks transmitting cardholder data use industry best practices, IEEE 802.11i; WEP prohibited after 30 June 2010); 4.2 (a)-(b) (unprotected PANs never sent by end-user messaging technologies).

Requirement 5: Use and regularly update anti-virus software or programs
Items present in the extracted page: 5.1 and 5.1.1; 5.2 (a)-(d) (anti-virus mechanisms current, actively running and generating audit logs retained per 10.7).

Requirement 6: Develop and maintain secure systems and applications
Items present in the extracted page: 6.1 (a)-(b) (security patches); 6.2 (a)-(b) (process to identify newly discovered vulnerabilities and assign a risk ranking; a CVSS base score of 4.0 appears as the example threshold for "High"; risk ranking is a best practice until 30 June 2012 and a requirement thereafter); 6.3 (a)-(d) and 6.3.1, 6.3.2 (secure software development; 6.3.2 code review covering the 6.5 issues); 6.4 and 6.4.1 to 6.4.5 (change control: separate development/test and production environments, separation of duties, production data such as live PANs not used for testing, removal of test data and accounts before release, change procedures 6.4.5.1 to 6.4.5.4); 6.5 (a)-(c) (secure coding guidelines; the OWASP Guide, the SANS CWE Top 25 and CERT Secure Coding are cited) with 6.5.1 (injection flaws: SQL, LDAP and XPath injection), 6.5.2 (buffer overflow), 6.5.3 (insecure cryptographic storage), 6.5.4 (insecure communications), 6.5.5 (improper error handling), 6.5.6 (all "High" vulnerabilities identified per 6.2; required from 30 June 2012), 6.5.7 (cross-site scripting, XSS), 6.5.8 (improper access control, including failure to restrict URL access), 6.5.9 (cross-site request forgery, CSRF); 6.6 (public-facing web applications: at least annual vulnerability assessment by tools or methods, or a web application firewall; a bulleted list of options was lost).
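A worked example for 6.5.1, added here and not part of the PCI SSC document: the same lookup written once with string concatenation and once with a bound parameter, run against a constructed in-memory table so the injection can be observed directly. The table, rows, payload and function names are this example's own; no full PAN is stored, only masked values and tokens.

```python
"""6.5.1 example (added; not from the SAQ): SQL injection and its fix."""
import re
import sqlite3

# Constructed sample rows: masked PANs and tokens only.
SAMPLE_ROWS = [
    ("alice", "411111******1111", "tok_7f3a"),
    ("bob", "555555******4444", "tok_91c0"),
]
CUSTOMER_ID_RE = re.compile(r"^[a-z0-9_]{1,32}$")
INJECTION = "nobody' OR '1'='1"   # the attacker's customer_id


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payment_tokens (customer_id TEXT, masked_pan TEXT, token TEXT)"
    )
    conn.executemany("INSERT INTO payment_tokens VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, customer_id: str) -> list:
    # The caller's input becomes part of the SQL text: the 6.5.1 flaw.
    # With INJECTION the WHERE clause reads customer_id = 'nobody' OR '1'='1',
    # which is true for every row.
    sql = ("SELECT masked_pan, token FROM payment_tokens "
           "WHERE customer_id = '" + customer_id + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, customer_id: str) -> list:
    # Bound parameter: the driver passes the value separately from the statement,
    # so quotes and keywords inside it are data, never SQL.
    return conn.execute(
        "SELECT masked_pan, token FROM payment_tokens WHERE customer_id = ?",
        (customer_id,),
    ).fetchall()


def lookup_hardened(conn: sqlite3.Connection, customer_id: str) -> list:
    # Defence in depth: allow-list validation in front of the parameterized
    # query, so a malformed identifier is rejected rather than searched for.
    if not CUSTOMER_ID_RE.match(customer_id):
        raise ValueError("invalid customer id")
    return lookup_parameterized(conn, customer_id)


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, INJECTION))     # every row leaks
    print(lookup_parameterized(db, INJECTION))  # no row matches
```

The same separation of code from data is the answer for the LDAP and XPath cases that 6.5.1 also names: build the filter or expression from escaped or bound values rather than by concatenating the request into the query string.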

Requirement 7: Restrict access to cardholder data by business need to know
Items present in the extracted page: 7.1 and 7.1.1 to 7.1.4 (access limited to the least privileges needed for job responsibilities); 7.2 and 7.2.1 to 7.2.3 (access control system covering all system components, with a default "deny all" setting).

Requirement 8: Assign a unique ID to each person with computer access
Items present in the extracted page: 8.1 (unique ID per user); 8.2 (authentication method); 8.3 (two-factor authentication for remote network access; RADIUS with tokens and TACACS with tokens are named, with a cross-reference to 8.2); 8.4 (a)-(b) (passwords rendered unreadable in transmission and storage); 8.5 and 8.5.1 to 8.5.16, including 8.5.5 (inactive accounts removed or disabled at least every 90 days), 8.5.9 (a) (user passwords changed at least every 90 days), 8.5.10 (minimum password length 7 characters), 8.5.11 (both numeric and alphabetic characters), 8.5.12 (no reuse of any of the last four passwords), 8.5.13 (a) (lockout after not more than six invalid attempts), 8.5.14 (lockout duration at least 30 minutes, or until an administrator re-enables the ID), 8.5.15 (re-authentication after 15 minutes idle), 8.5.16 (a) (all access to databases containing cardholder data authenticated).
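A worked example for 8.5.9 to 8.5.15, added here and not part of the PCI SSC document: an account record that enforces the numeric parameters of Requirement 8.5 in code, with the clock passed in as an argument so the lockout, idle and expiry behaviour can be exercised without waiting. The class, its method names and the PBKDF2 cost are this example's own choices; the constants are the values Requirement 8.5 states.

```python
"""8.5 example (added; not from the SAQ): lockout, expiry, history and idle rules."""
import hashlib
import hmac
import re
import secrets
from typing import List, Optional, Tuple

MIN_LENGTH = 7                 # 8.5.10
HISTORY_DEPTH = 4              # 8.5.12: none of the last four passwords may be reused
MAX_AGE_SECONDS = 90 * 86400   # 8.5.9
MAX_FAILURES = 6               # 8.5.13
LOCKOUT_SECONDS = 30 * 60      # 8.5.14
IDLE_SECONDS = 15 * 60         # 8.5.15
PBKDF2_ROUNDS = 50_000         # 8.4: salted slow hash; raise the cost in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, initial_password: str, now: float):
        self.history: List[Tuple[bytes, bytes]] = []   # (salt, hash), newest last
        self.failures = 0
        self.locked_until = 0.0
        self.password_set_at = now
        self.last_activity: Optional[float] = None
        self.set_password(initial_password, now)

    def _matches(self, password: str, salt: bytes, digest: bytes) -> bool:
        return hmac.compare_digest(hash_password(password, salt), digest)

    def set_password(self, new: str, now: float) -> None:
        if len(new) < MIN_LENGTH:
            raise ValueError("8.5.10: minimum length is 7")
        if not (re.search(r"[A-Za-z]", new) and re.search(r"\d", new)):
            raise ValueError("8.5.11: must contain both letters and digits")
        if any(self._matches(new, s, d) for s, d in self.history[-HISTORY_DEPTH:]):
            raise ValueError("8.5.12: matches one of the last four passwords")
        salt = secrets.token_bytes(16)
        self.history.append((salt, hash_password(new, salt)))
        self.password_set_at = now

    def login(self, password: str, now: float) -> str:
        """Returns 'locked', 'denied', 'expired' or 'ok'."""
        if now < self.locked_until:
            return "locked"                      # 8.5.14: inside the lockout window
        salt, digest = self.history[-1]
        if not self._matches(password, salt, digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:    # 8.5.13: sixth bad attempt locks
                self.locked_until = now + LOCKOUT_SECONDS
                self.failures = 0
                return "locked"
            return "denied"
        self.failures = 0
        if now - self.password_set_at > MAX_AGE_SECONDS:
            return "expired"                     # 8.5.9: change it before proceeding
        self.last_activity = now
        return "ok"

    def session_active(self, now: float) -> bool:
        """8.5.15: a session idle for more than 15 minutes must re-authenticate."""
        if self.last_activity is None or now - self.last_activity > IDLE_SECONDS:
            self.last_activity = None
            return False
        self.last_activity = now
        return True
```

Note that a locked account returns "locked" before the password is even checked, so an attacker cannot use the lockout window to keep testing candidates, and that the failure counter only resets on a successful login or on lockout, not on the passage of time.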

Requirement 9: Restrict physical access to cardholder data
Items present in the extracted page: 9.1 and 9.1.1 (a)-(c) (video cameras or access control mechanisms; recordings reviewed and retained for at least three months), 9.1.2 (publicly accessible network jacks), 9.1.3 (wireless access points, gateways and handheld devices); 9.2 (a)-(b) (distinguishing employees from visitors); 9.3 and 9.3.1 to 9.3.3 (visitor handling); 9.4 (a) (visitor log); 9.5 (a)-(b) (media backups stored off-site); 9.6 (media physically secured); 9.7 (a)-(b), 9.7.1, 9.7.2 (distribution of media); 9.8 (management approval for media moved off-site); 9.9 and 9.9.1 (storage and inventory of media); 9.10, 9.10.1 (a), 9.10.2 (destruction of media).

Requirement 10: Track and monitor all access to network resources and cardholder data
Items present in the extracted page: 10.1; 10.2 and 10.2.1 to 10.2.7 (events to log); 10.3 and 10.3.1 to 10.3.6 (entry contents); 10.4 (a) (time synchronization technology, Network Time Protocol), 10.4.1 (a) (critical systems receive time from a single correct source, such as International Atomic Time or UTC), 10.4.2 (a), 10.4.3 (time updates accepted only from designated IP addresses); 10.5 and 10.5.1 to 10.5.5 (10.5.4: logs of external-facing technologies, DNS among them, written to an internal log server); 10.6 (daily log review; IDS and authentication servers such as RADIUS are named); 10.7 (a) (audit trail history retained at least one year, with a minimum of three months immediately available).

Requirement 11: Regularly test security systems and processes
Items present in the extracted page: 11.1 (at least quarterly testing for the presence of wireless access points; methods named: network access control (NAC), wireless IDS/IPS, WLAN scanning; unauthorized devices such as USB wireless adapters; response per the incident response plan, 12.9); 11.2 (quarterly internal and external vulnerability scans, and scans after any significant change), 11.2.1 (a)-(b) (internal scans by a qualified internal resource or third party; QSA and ASV named; rescans until the 6.2 "High" vulnerabilities are resolved), 11.2.2 (a) (external scans by a PCI SSC Approved Scanning Vendor per the ASV Program Guide; CVSS 4.0 threshold), 11.2.3 (a) (scans after significant change; rescans until passing); 11.3 (a)-(c) (penetration testing at least annually and after significant change; QSA/ASV named as possible testers), 11.3.1 (network layer), 11.3.2 (application layer, covering the 6.5 vulnerabilities); 11.4 (a)-(c) (intrusion detection or prevention systems, IDS/IPS); 11.5 (a)-(b) (file integrity monitoring with comparisons at least weekly).

Requirement 12: Maintain a policy that addresses information security for all personnel
Items present in the extracted page: 12.1, 12.1.1, 12.1.2 (a)-(b) (annual risk assessment; methodologies cited as examples: OCTAVE, ISO 27005, NIST SP 800-30), 12.1.3; 12.2 (daily operational security procedures); 12.3 and 12.3.1 to 12.3.10 (usage policies for critical technologies); 12.4 (responsibilities); 12.5 and 12.5.1 to 12.5.5; 12.6 (a)-(b), 12.6.1, 12.6.2 (security awareness program); 12.7 (personnel screening); 12.8 and 12.8.1 to 12.8.4 (service providers with whom cardholder data is shared); 12.9, 12.9.1 (a)-(b) to 12.9.6 (incident response plan; 12.9.3 requires 24/7 availability of personnel to respond).

Appendix A: Additional PCI DSS requirements for shared hosting providers
Items present in the extracted page: A.1 (each hosted entity's environment protected per A.1.1 to A.1.4); A.1.1 (each entity's processes run under its own unique ID; CGI scripts named as an example); A.1.2 (a)-(b) (each entity's access and privileges restricted to its own cardholder data environment; chroot and jailshell named as restriction techniques); A.1.3 (logging and audit trails consistent with Requirement 10); A.1.4 (processes to support timely forensic investigation of a compromised hosted merchant or service provider).

Appendix B: Compensating controls
Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, because of legitimate technical or documented business constraints, but has sufficiently mitigated the associated risk through other controls. A compensating control must: 1) meet the intent and rigor of the original PCI DSS requirement; 2) provide a similar level of defense; 3) be "above and beyond" other PCI DSS requirements (a) existing PCI DSS requirements cannot be considered compensating controls if they are already required for the item under review; b) existing requirements may be considered if they are required for another area but not for the item under review; c) existing requirements may be combined with new controls to form a compensating control); 4) be commensurate with the additional risk imposed by not adhering to the requirement. The example given for 3.4 (an entity unable to render PAN unreadable) names a combination of 1) internal network segmentation, 2) IP address or MAC address filtering, and 3) one-time passwords or token-based two-factor authentication.

Appendix C: Compensating controls worksheet
Used for each requirement marked "Yes" with a compensating control. Columns: information required / explanation. Rows: 1. Constraints (the legitimate technical or documented business constraints that preclude compliance); 2. Objective (what the original control achieves and what the compensating control achieves); 3. Identified risk (the additional risk posed by the lack of the original control); 4. Definition of compensating controls; 5. Validation (how the controls were validated and tested); 6. Maintenance (how the controls are maintained).

Compensating controls worksheet: completed example for Requirement 8.1. Only the labels "XYZ", "Unix", "LDAP", "root" and "SU" survive on this page; the rest is reconstructed from the same example in the English SAQ D v2.0. Constraints: Company XYZ employs stand-alone Unix servers without LDAP, so each requires a "root" login, and it is not possible to manage the root login per user or to log all root activity by user. Objective: unique IDs make each action attributable to one person and rule out shared credentials. Identified risk: without unique IDs, root actions cannot be tracked to an individual. Definition: all users log in to the servers with their own accounts and obtain root through the SU command, whose use is logged, so each root action is traceable to a user. Validation: the assessor is shown that SU is in use and that its log identifies the individual acting with root privileges. Maintenance: procedures ensure the SU configuration is not changed or removed so as to allow untracked root access.

Appendix D: Explanation of non-applicability
Table completed for each requirement marked "N/A": requirement / reason the requirement is not applicable. The worked example row refers to requirement 9.3.1; its text did not survive extraction.