What is PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a security standard developed by the PCI Security Standards Council for payment card merchants and processors. It is backed by five global payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc., which have agreed to include PCI DSS as a technical requirement for compliance with each of their data security programs.

PCI DSS is vital to the implementation of information security and best practices in the credit card industry.

PCI DSS includes 12 requirements and applies to any business that stores, processes or transmits cardholder data.

Requirements for building and maintaining secure systems

The twelve requirements for building and maintaining a secure network and systems can be summarized as follows:

  1. Installing and maintaining a firewall configuration to protect cardholder data.
  2. Changing vendor-supplied defaults for system passwords and other security parameters.
  3. Protecting stored cardholder data.
  4. Encrypting transmission of cardholder data over open, public networks.
  5. Protecting all systems against malware and performing regular updates of anti-virus software.
  6. Developing and maintaining secure systems and applications.
  7. Restricting access to cardholder data to only authorized personnel.
  8. Identifying and authenticating access to system components.
  9. Restricting physical access to cardholder data.
  10. Tracking and monitoring all access to cardholder data and network resources.
  11. Testing security systems and processes regularly.
  12. Maintaining an information security policy for all personnel.

How the Use of AIAST Helps Achieve PCI Compliance

AIAST is uniquely positioned to help implement a number of the key security requirements for PCI compliance:

Developing and maintaining secure systems and applications

AIAST provides a framework that proactively identifies and tests for new vulnerabilities and suggests remediation options.

Restricting access to cardholder data to only authorized personnel

The AIAST solution enables developers to run scans regularly without the need for dedicated security specialists, freeing up the ability to monitor the environment and identify vulnerabilities.

Tracking and monitoring all access to cardholder data and network resources

Building on the point above, AIAST can be adapted to monitor and detect unlawful access to cardholder data.

Testing security systems and processes regularly

AIAST is always active and trying to identify vulnerabilities. Unlike other solutions, it does not have to be run manually by professional pen testers; it can be run by any developer or QA professional, providing a higher level of confidence and security.