PCI DSS or the 12 mandatory requirements

Every day, when I speak with my QSAs, we try to follow this approach: respect all the individual requirements across the 12 chapters, and explain to all colleagues what PCI is in a few words.

First, each chapter is explained with the following definitions.


Build and maintain a secure network.

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data.

  • Requirement 3: Protect stored cardholder data.
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a vulnerability management programme.

  • Requirement 5: Use and regularly update anti-virus software.
  • Requirement 6: Develop and maintain secure systems and applications.

Implement strong access control measures.

  • Requirement 7: Restrict access to cardholder data by business need-to-know.
  • Requirement 8: Assign a unique ID to each person with computer access.
  • Requirement 9: Restrict physical access to cardholder data.

Regularly monitor and test networks.

  • Requirement 10: Track and monitor all access to network resources and cardholder data.
  • Requirement 11: Regularly test security systems and processes.

Maintain an information security policy.

  • Requirement 12: Maintain a policy that addresses information security.