Policy types for @turbot/aws-pciv3-2-1

AWS > PCI v3.2.1

AWS > PCI v3.2.1

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements.

PCI Data Security Standard – High Level Overview

Build and Maintain a Secure Network and Systems

Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Protect all systems against malware and regularly update anti-virus software or programs
Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Restrict access to cardholder data by business need to know
Identify and authenticate access to system components
Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes

Maintain an Information Security Policy

Maintain a policy that addresses information security for all personnel.

To obtain the latest version of the official guide, please visit https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss.

URI

tmod:@turbot/aws-pciv3-2-1#/policy/types/pci