Maintain a vulnerability management program

Requirement 5: Use and regularly update anti-virus software


Whether you are a merchant, a service provider, or an average citizen, up-to-date anti-virus software can protect systems from viruses and malicious intrusions.

The three main points of this requirement are:
  • Deploy anti-virus software on all systems commonly affected by viruses: personal computers and servers.
  • Ensure that anti-virus programs are capable of detecting, removing, and protecting against other forms of malicious software, including spyware and adware.
  • Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs.
See https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf 5.1-5.2 for more information.

Requirement 6: Develop and maintain secure systems and applications

Continuously updated, vendor-provided security patches and software patches can stop hackers from gaining access to network systems.

Attacks can come not only from hackers, but also from employees and viruses.

The following PCI DSS requisites represent a sample of Requirement 6:
  • All systems must have the most recently released appropriate software patches to protect against exploitation by employees, external hackers, and viruses.
  • Implement a process to identify newly discovered security vulnerabilities: subscribe to alert services on the Internet, or via anti-virus software.
  • Develop software applications based on industry best practices: Visa's Payment Application Best Practices (PABP), for payment applications.
  • Test all security patches, and system and software configurations, before deployment.
  • Remove custom application accounts, usernames, and passwords before applications become active or are released to customers.
  • Review custom code prior to release to production or customers in order to identify any potential coding vulnerability.
See https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf 6.1-6.6 for more information.

© 2008 PCI Compliance Guide.org
   All rights reserved - do not copy any material without written permission.