Build and Maintain a Secure Network
1 – Install and maintain a firewall configuration to protect cardholder data
2 – Do not use vendor–supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3 – Protect stored cardholder data
4 – Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5 – Use and regularly update anti–virus software
6 – Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7 – Restrict access to cardholder data by business need–to–know
8 – Assign a unique ID to each person with computer access
9 – Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10 – Track and monitor all access to network resources and cardholder data
11 – Regularly test security systems and processes
Maintain an Information Security Policy
12 – Maintain a policy that addresses information security