Each Day, when I spoke with my QSAs, we try to follow this way : Respect all individual requirements on the 12 chapters and explain at all colleagues what’s PCI on few words.

In first explain each chapter with theses definitions.

 

Build and maintain a secure network.

• Requirement 1 : Install and maintain a firewall configuration to protect Cardholder data.
• Requirement 2: Do not user vendor-supplied default for system passwords and other security parameters.

Protect CardHolder data.

• Requirement 3 : Protect stored all Cardholder data.
• Requirement 4 : Encrypt all transmission of cardholder data accross open, public networks.

Maintain a vulnerability Management programme.

• Requirement 5 : Use and regularly update and anti-virus software.
• Requirement 6 : Develop and maintain secure systems and applications

Implementing strong access control measures.

• Requirement 7 : Restrict access to cardholder data by business need-to-know.
• Requirement 8 : Assign a unique ID to each person with computer access.
• Requirement 9 : Restrict Physical access to Cardholder data.

Regularly monitor and tests networks.

• Requirement 10 : Track and monitor all access to network ressources and cardholder data.
• Requirement 11 : Regularly test security systems and processes.

Maintain an information security.

• Requirement 12 : Maintain a policy that addresses information security.