Step 3: Attaining PCI DSS Compliance - Merchant

Security Audits: 12 Requirements

If a merchant, Independent Sales Organization (ISO) or service provider is at Level 1 or Level 2, one of the major PCI DSS validation components is the Annual On-Site PCI Data Security Assessment, which is based entirely on the PCI DSS Audit Procedures document.

Merchants and service providers should select a Qualified Security Assessor (QSA) to perform the audit or, in the case of a Level 1 merchant or service provider, an internal audit signed by the chief officer of the organization.

Visa and MasterCard publish a list of approved QSAs on their websites. These assessors must strictly adhere to the Audit Procedures document and complete the mandatory Report on Compliance required for PCI certification and validation on behalf of the merchant or service provider.

According to the PCI Security Standards Council, all QSAs must attend a training class and pass an exam in order to have a basic knowledge and understanding of PCI DSS.

The PCI Data Security Standard itself comprises 12 major requirements for validation and certification, grouped under six main auditing areas, or "control objectives".

All of these compliance areas consist of basic security controls that most merchants and service providers should already have in place, or at least be familiar with, by the time they are audited.

The six main control objectives for PCI DSS compliance and validation are as follows:
  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks

© 2008 PCI Compliance Guide.org