- Self-Assessment Questionnaire
- PIN Transaction Security (Encrypting PIN Pad Device)
- Validated Payment Applications
These were previously best practices; from February 1st 2018 they are mandated requirements.
List of Controls
- Install and maintain a firewall configuration to protect card data.
- Do not use system defaults.
- Protect stored cardholder data.
- Encrypt transmission of card data across open, public networks.
- Protect systems against malware and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to the card data environment by business need.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and card data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.