In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …

At a high level, adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. Network segmentation can be achieved through a number of …

The objective of PCI DSS Requirement 9.6.1 “Classify media so the sensitivity of the data can be determined,” is to ensure that media is controlled and protected against inadvertent or …

The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer’s mass storage and automatically …

The PA-DSS details the requirements a payment application must meet in order to facilitate a customer’s PCI DSS compliance. PA-DSS validated payment applications, when implemented in a PCI DSS-compliant environment, …

The term “remote access” refers to access to a computer network from a location outside of that network. Examples of remote access include access from the Internet, an “untrusted” network …

PCI DSS Requirement 3.3 states that PAN must be masked when displayed (the first six and last four digits are the maximum number of digits to be displayed) such that …

The role of the Advisory Board will be to provide strategic and technical guidance to the PCI Security Standards Council, reflecting different stakeholder perspectives. The Advisory Board does not have …

PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …

Whether a particular whitelisting implementation can meet PCI DSS Requirement 5 will depend on the specific implementation. The intent of Requirement 5 is to detect, remove and protect system components …