PCI DSS is a robust framework of six control objectives and 12 requirements. Each objective covers one important section of the payment card industry's data security requirements.

PCI DSS Requirements

Requirements of the standard: The standard comprises six control objectives, each containing one or more requirements. In all, there are 12 specific requirements under these control objectives. The verification and reporting process may vary depending on the level of the merchant or service provider. An organization is also expected to identify its category or type in order to determine which requirements apply to it.

  1. Build and maintain a secure network
    • Install and maintain a firewall configuration to protect cardholder data.
    • Do not use vendor-supplied defaults for system passwords and other security parameters.

  2. Protect cardholder data
    • Protect stored cardholder data.
    • Encrypt transmission of cardholder data across open, public networks.

  3. Maintain a vulnerability management program
    • Use and regularly update anti-virus software.
    • Develop and maintain secure systems and applications.

  4. Implement strong access control measures
    • Restrict access to cardholder data by business need-to-know.
    • Assign a unique ID to each person with computer access.
    • Restrict physical access to cardholder data.

  5. Regularly monitor and test networks
    • Track and monitor all access to network resources and cardholder data.
    • Regularly test security systems and processes.

  6. Maintain an information security policy
    • Maintain a policy that addresses information security.

How can Valency Networks help you with PCI DSS?

  • Studying your business requirement.
  • Performing an architecture review of your systems and networks.
  • Performing PCI DSS-specific vulnerability scanning.
  • Providing end-to-end consultancy to fix vulnerabilities.
  • Suggesting appropriate hardware and software components/devices for security compliance.
  • Performing periodic audits.
