The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners.

It is organized into six logical categories:

  1. Build and Maintain a Secure Network.
  2. Protect Cardholder Data.
  3. Maintain a Vulnerability Management Program.
  4. Implement Strong Access Control Measures.
  5. Regularly Monitor and Test Networks.
  6. Maintain an Information Security Policy.

PCI-DSS is unique among major regulatory requirements for corporations and government agencies in that it specifically lays out what organizations must do and what they must not do to comply. This makes compliance much more straightforward than with regulations such as SOX and HIPAA, which are ambiguous with regard to information security.

To fulfill all of the requirements in PCI-DSS, organizations must deploy a combination of sound business practices and various security technologies, including firewalls, virus scanners, identity management systems and more.

The full text of the PCI DSS version 3.2 may be found here:

This document outlines how components of the Hitachi ID Identity and Access Management Suite can assist organizations in compliance with PCI-DSS.
