by Cesar Navas
March 11, 2024
The Payment Card Industry Security Standards Council (PCI SSC) maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe. The PCI SSC provides technical and operational requirements for organizations accepting or processing payment transactions. The guidance also applies to software developers and manufacturers of applications and devices used in those transactions. The Payment Card Industry Data Security Standard (PCI DSS) helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data.
The standards have historically been revised on a 2-3 year cycle, but the PCI SSC is transitioning to a posture of revising the PCI DSS as required based on changes to the current threat landscape. This report provides organizations with information which specifically measures against the compliance standards related to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS security standard was formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International, and American Express and governed by thePCI SSC.
While the PCI SSC has no legal authority to compel compliance, the goal is to secure credit and debit card transactions against theft. However, compliance with the PCI DSS standard is a requirement for any business that processes credit or debit card transactions. This report references controls contained in PCI DSS v4.0, which was released in Q1 of 2022. Version 4.0 contains several updates to the previous version, some examples are updates to multi-factor authentication and password requirements, assigned roles and responsibilities, allowance of group, shared, and generic accounts, and more.
Tenable provides several solutions for organizations to better understand vulnerability management. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management (formerly Tenable.io) discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this report are: Tenable Vulnerability Management.
Chapters:
- Executive Summary: This chapter contains three elements which provide a high level overview summarizing results outlined in PCI DSS 4.0.
- Framework Result Summary: This chapter summarizes all the families outlined in PCI DSS 4.0.
- Control Summary: This chapter summarizes all the families outlined in PCI DSS 4.0.
- Audit Check Type Summary: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
- Build and Maintain a Secure Network and Systems: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
- Implement Strong Access Control Measures: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
- Maintain a Vulnerability Management Program: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
- Protect Account Data: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
- Regularly Monitor and Test Networks: This chapter provides details on each of the compliance controls for the compliance family group being referenced.