Payment Card Industry Data Security Standard
PCI-DSS Compliance Kit
Credit card companies aim to secure cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards. While the threshold for PCI compliance is only a minimum standard, businesses recognize that failure to meet PCI requirements can lead to both financial penalties and long-term damage to customer trust and brand equity.
PCI requirements mandate that companies encrypt data at rest, which is a challenging and expensive undertaking for most retailers.
The PCI DSS security requirements apply to all “system components.” A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to, the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.
This PCI-DSS Compliance Kit is specific to the requirements of PCI-DSS.
The table below shows what is included in each of the three versions of the PCI Compliance Kit: