Credit Card Companies form security council


It seems that the evolving PCI (Payment Card International) standard is getting more support with all of the major credit card companies agreeing to get together to form the new Security Standards Council.


While the PCI is fairly high level right now, it is requirement 6, calling for secure applications which catches my eye. I'm going to keep my eye on this group and see what lifecycle recommendations they make to development groups. 


Build and Maintain a Secure Network


Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data


Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program


Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures


Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks


Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy


Requirement 12: Maintain a policy that addresses information security

 


Comments (0)

Skip to main content