PCI DSS 12 fundamental requirements

Here follows, in short, the list of the 12 fundamental requirements of PCI DSS (Payment Card Industry Data Security Standard):

1. Keep a firewall
   - Block access to the CDE (Card Data Environment)
   - Understand the network topology and the CHD (Cardholder Data) flows
2. No defaults
   - No vendor passwords
   - Disable features, ports, ... I don't need
3. Protect stored data
   - Truncating, tokenizing, encrypting, ...
   - Goal: even if an attacker gets the data, he can't read it
4. Protect transmitted data
   - Maintain encryption
   - Strong authentication
   - Never send PANs as plaintext
5. Prevent malware
   - Have anti-malware software
   - Have policies so users can't disable it
6. Develop securely
   - Secure software lifecycle + patching vulnerabilities
7. Need-to-know access
   - Principle of least privilege: each role sees the least card data, for the least amount of time, needed to do their job
   - Having access control by ...
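As an added example (not part of the original summary), the three stored-data protections named above applied to a PAN in Python: truncation and masking keep at most the first six (BIN) and last four digits, and tokenization keeps the real PAN only inside a vault. The card numbers used are constructed test values, not real accounts.

```python
# Added example: truncation, masking and tokenization of a PAN as PCI DSS
# requires for stored cardholder data. Test values only, no real accounts.
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, which every real PAN passes."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _check_pan(pan: str) -> None:
    if not re.fullmatch(r"\d{13,19}", pan):
        raise ValueError("PAN must be 13 to 19 digits")


def truncate_pan(pan: str) -> str:
    """Truncation for storage: keep at most the first six and last four digits.
    The middle digits are discarded outright, so nothing can recover them."""
    _check_pan(pan)
    return pan[:6] + pan[-4:]


def mask_pan(pan: str) -> str:
    """Masking for display: same digits visible, the rest replaced by X."""
    _check_pan(pan)
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Tokenization: the PAN lives only in this vault (inside the CDE); systems
    outside the CDE store the token, which has no mathematical link to the PAN."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}
        self._by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        _check_pan(pan)
        if pan not in self._by_pan:                    # one stable token per PAN
            token = "tok_" + secrets.token_hex(8)      # random: unusable without the vault
            self._by_pan[pan] = token
            self._by_token[token] = pan
        return self._by_pan[pan]

    def detokenize(self, token: str) -> str:
        """Only roles with a need-to-know for CHD should be able to call this."""
        return self._by_token[token]
```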