The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer’s mass storage and automatically …

The intent of the one primary function per server requirement (Requirement 2 of the PCI DSS) is to ensure that your organization’s system configuration standards and related processes address server …

The role of the Advisory Board will be to provide strategic and technical guidance to the PCI Security Standards Council, reflecting different stakeholder perspectives. The Advisory Board does not have …

At a high level, adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. Network segmentation can be achieved through a number of …

The objective of PCI DSS Requirement 9.6.1 “Classify media so the sensitivity of the data can be determined,” is to ensure that media is controlled and protected against inadvertent or …

The PA-DSS details the requirements a payment application must meet in order to facilitate a customer’s PCI DSS compliance. PA-DSS validated payment applications, when implemented in a PCI DSS-compliant environment, …

PCI DSS Requirement 3.3 states that PAN must be masked when displayed (the first six and last four digits are the maximum number of digits to be displayed) such that …

In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …

The term “remote access” refers to access to a computer network from a location outside of that network. Examples of remote access include access from the Internet, an “untrusted” network …

The PCI Security Standards Council (PCI SSC) maintains a robust evaluation and qualification program for approved security assessors and scanning vendors. Information on becoming a qualified assessor or scan vendor …