PCI DSS Compliance

Global Learning Systems provides solutions to meet PCI DSS standards and can help your organization stay compliant with the latest requirements.

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS was developed by the major credit card companies (Visa, Mastercard, American Express, DiscoverCard, JCB International) to help organizations that handle credit card payments prevent card fraud, cracking, and other security threats. Any organization that processes, stores or transmits payment card data must be PCI DSS compliant to avoid audits and fines, as well as the more serious effects of a breach.

The current version of the PCI DSS standard (1.1) specifies 12 requirements for compliance, organized into 6 "control objectives."

  • Build and Maintain a Secure Network
    • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
    • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    • Requirement 3: Protect stored cardholder data
    • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
    • Requirement 5: Use and regularly update anti-virus software
    • Requirement 6: Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
    • Requirement 7: Restrict access to cardholder data by business need-to-know
    • Requirement 8: Assign a unique ID to each person with computer access
    • Requirement 9: Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    • Requirement 10: Track and monitor all access to network resources and cardholder data
    • Requirement 11: Regularly test security systems and processes
  • Maintain an Information Security Policy
    • Requirement 12: Maintain a policy that addresses information security

PCI DSS version 1.2 is planned for release in October 2008. Standards derived from the PCI DSS include PABP and PA-DSS.

According to the PCI Security Standards Council, the new update will enhance the clarity of technical requirements, offer improved flexibility, and address new and evolving risks and threats.

PCI DSS Version 1.2 will:

  • incorporate existing and new best practices
  • provide further scoping and report clarification
  • eliminate overlapping sub-requirements
  • consolidate documentation
  • enhance the FAQ and glossary to facilitate better understanding of the security process

Give Global Learning Systems a call to find out how we can help your organization achieve PCI DSS compliance before you experience a breach.

Call us toll-free at 1-800-949-5590