What you need to know about payment security
PCI DSS 3.2 encompasses six key objectives. These objectives are split across a set of 12 requirements, each incorporating a range of preventative, detective and directive controls.
PCI DSS objectives
Build and Maintain a Secure Network
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
11. Regularly test security systems and processes
Maintain an Information Security Policy
Our PCI DSS services
Redscan offers a range of specialist PCI DSS services, including:
Kroll Responder, our Managed Detection and Response service, helps organisations track and monitor access to network resources and cardholder data in order to achieve compliance with PCI DSS 3.2 requirements 10 & 11.
• Log management
• Asset discovery
• Intrusion detection
• File integrity monitoring
• Internal vulnerability scanning
Requirement 11 of PCI DSS 3.2 outlines the need for organisations to perform internal and external penetration testing at least annually, or after any significant change to network infrastructure.
Internal quarterly vulnerability scanning by our cyber security experts helps to identify, classify and remediate common exposures such as weak user credentials and unpatched or out-of-date operating systems, applications and software. To comply with PCI requirement 11, vulnerability scans should be performed quarterly and after any significant network changes.
Call upon a highly-qualified and experienced security professional to support your PCI DSS requirements. By acting as an extension of in-house resources, a Redscan Virtual CISO can help to assess cyber-risk and develop and implement the policies, procedures and controls needed to achieve PCI compliance.