PSG Retailer PA-DSS Implementation Guide
PSG Retailer
PSG, Inc.
PA-DSS Implementation Guide
April 10, 2012
PSG
7349 Crossleigh Ct
Toledo, OH 43617-3108
(800) 684-0347
Page 3 of 20
The Payment Application Data Security Standard Implementation Guide (PA-DSS Implementation
Guide) is a guide, provided by the software vendor, on the responsibilities for implementing the
PCI Security Standards as they apply to the specific software.4,5
1.4 Being PCI DSS and PA-DSS Compliant
PSG Retailer6 uses PCCharge7 software to process credit cards. PCCharge is a PA-DSS validated
payment application8 that has been integrated with PSG Retailer. It features many security
safeguards and anti-fraud controls, and its use brings a store one step closer to PCI DSS
compliance and to protecting its business interests.
PSG Retailer has been upgraded to be more secure and to help a store achieve PCI DSS
compliance.
However, many aspects of PA-DSS include store, site, and user specific responsibilities outside
the scope and control of the PSG Retailer software, the PCCharge software, and PSG. The
software provider is responsible for providing a software specific PA-DSS Implementation Guide
to help a store be PCI DSS compliant. The store is responsible for achieving all PCI DSS
requirements.9 This guide assists a store in meeting the PCI DSS requirements that depend on
how PSG Retailer and PCCharge are installed and operated; the PA-DSS validation itself applies
to the payment application, not to the store.
1.5 About the PSG PA-DSS Implementation Guide
PCI DSS has 12 requirements. For the purpose of this guide, the PA-DSS requirements that
correspond to them have been grouped into sections.
The following pages contain a brief review of these requirements with PSG Retailer specific
guidelines. The store is responsible for knowing and meeting the PCI standards. PA-DSS
requirements and subsections not listed are not the responsibility of the software vendor.10
For more information, and to download the detailed PCI requirements documentation, visit
http://www.pcisecuritystandards.org
4 ibid.
5 Payment Card Industry (PCI). (2008). PA-DSS Program Guide. Retrieved from PCI Security Standards website: https://www.pcisecuritystandards.org/documents/pci_pa_dss_program_guide.pdf
6 PSG Retailer is owned and authored by PSG, Inc. (2012), Toledo, OH.
7 PCCharge is a product of VeriFone.
8 PCCharge. (2012). PCCharge. Retrieved from http://www.pccharge.com. Last accessed December 27, 2011.
9 Payment Card Industry (PCI), PA-DSS Program Guide, loc. cit.
10 Payment Card Industry (PCI), PA-DSS Program Guide, loc. cit.
Page 6 of 20
4. Table of Contents
1. Introduction, p. 2
1.1 Purpose, p. 2
1.2 About PCI Security Standards, p. 2
1.3 PCI DSS, PA-DSS, and the PA-DSS Implementation Guide, p. 2
1.4 Being PCI DSS and PA-DSS Compliant, p. 3
1.5 About the PSG PA-DSS Implementation Guide, p. 3
2. Definitions, p. 4
2.1 Terms, p. 4
3. Revision History, p. 5
3.1 History, p. 5
4. Table of Contents, p. 6
5. PCI DSS Overview, p. 7
6. PCI PA-DSS Overview, p. 8
7. Guidelines for Compliance, p. 9
PA-DSS 1.1.4, p. 9
PA-DSS 1.1.5, p. 9
PA-DSS 2.1, p. 9
PA-DSS 2.5, p. 10
PA-DSS 2.6, p. 10
PA-DSS 2.7, p. 10
PA-DSS 2: Supplemental, p. 10
PA-DSS 3.1, p. 11
PA-DSS 3.2, p. 11
PA-DSS 3: Supplemental, p. 11
PA-DSS 4.1, p. 13
PA-DSS 4.4, p. 13
PA-DSS 5.4, p. 14
PA-DSS 6.1, p. 14
PA-DSS 6.2, p. 15
PA-DSS 9.1, p. 15
PA-DSS 10.2, p. 15
PA-DSS 10.3.1, p. 16
PA-DSS 10.3.2, p. 17
PA-DSS 11.1, p. 17
PA-DSS 11.2, p. 17
PA-DSS 11: Supplemental, p. 18
PA-DSS 12.1, p. 18
8. Resources, p. 20
8.1 References, p. 20
Page 18 of 20
PA-DSS 11: Supplemental
Building a Strong Network
In order to maintain data security, a strong firewall configuration and policy should be in place:16
- Ensure the firewall policy includes both wired and wireless connections.
- Review firewall and router rule sets quarterly.
- Include a testing and approval policy for firewall standards.
- Document services and ports necessary for business.
- Build a firewall configuration that denies all traffic from “untrusted” networks and hosts,
  except for protocols necessary for the cardholder data environment.
- Build a firewall configuration that restricts connections between publicly accessible
  servers and any system component storing cardholder data, including any connections
  from wireless networks.
- Restrict inbound and outbound traffic to that which is necessary for the cardholder data
  environment.
- Prohibit direct public access between external networks and any system component that
  stores cardholder data (for example, databases, logs, trace files).
Guidelines can be found at the PCI Security Standards website:
https://www.pcisecuritystandards.org/documents/information_supplement_6.6.pdf
https://www.pcisecuritystandards.org/security_standards/documents.php?category=supplements
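The guidelines above describe a policy; before the quarterly rule-set review signs a configuration off, a practitioner also wants a way to check that the concrete rules actually enforce it. The following is an added example, not code from the PSG guide, from PSG Retailer or from PCCharge: a small first-match rule evaluator in Python, run against a constructed store network (the address ranges, hosts, ports and rule notes are illustrative assumptions, not PSG's) together with a list of flows the policy requires to be allowed or denied. It also shows how a single broad "internal networks" allow placed above the CDE deny silently opens a path from the publicly accessible web server to the payment server, which is exactly what the review is meant to catch.

```python
"""First-match firewall policy evaluator for testing a rule set against the
PA-DSS 11 guidelines: default deny from untrusted networks, no direct public
path to cardholder data, wireless kept out of the CDE, and only
business-required egress. Added example; addressing is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None means any port
    note: str = ""         # why the rule exists (documented per the policy)


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    proto: str
    dport: int
    expected: str          # what the policy requires: "allow" or "deny"


def matches(rule: Rule, flow: Flow) -> bool:
    """True when the flow falls inside the rule's source, destination, protocol and port."""
    return (ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.dport in (None, flow.dport))


def evaluate(rules, flow, default="deny"):
    """First-match semantics; anything no rule matches falls through to default deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule
    return default, None


def audit(rules, flows):
    """Return (flow name, expected, actual, matching rule note) for every policy violation."""
    findings = []
    for flow in flows:
        action, rule = evaluate(rules, flow)
        if action != flow.expected:
            findings.append((flow.name, flow.expected, action, rule.note if rule else "default"))
    return findings


# Constructed store network (illustrative addressing, not from the PSG guide):
CDE = "10.10.20.0/24"        # POS terminals and the PSG Retailer / PCCharge server
PAY_SRV = "10.10.20.10"      # payment server inside the CDE
DMZ_WEB = "10.10.10.5"       # publicly accessible web server
ADMIN = "10.10.30.5"         # back-office administration workstation
GATEWAY = "203.0.113.10"     # payment processor (TEST-NET-3 address)
ANY = "0.0.0.0/0"

RULES = [
    Rule("allow", CDE, GATEWAY + "/32", "tcp", 443, "authorizations to the processor"),
    Rule("allow", ADMIN + "/32", CDE, "tcp", 3389, "admin via RDP; TLS and NLA per PA-DSS 12.1"),
    Rule("deny", ANY, CDE, "any", None, "nothing else reaches the CDE"),
    Rule("deny", CDE, ANY, "any", None, "CDE egress limited to the processor"),
    Rule("allow", ANY, DMZ_WEB + "/32", "tcp", 443, "public web site"),
]

# Flows the policy above requires; the guest wireless and internet sources are constructed.
FLOWS = [
    Flow("internet to payment server", "198.51.100.7", PAY_SRV, "tcp", 3389, "deny"),
    Flow("guest wireless to payment server", "192.168.50.20", PAY_SRV, "tcp", 445, "deny"),
    Flow("DMZ web server to payment server", DMZ_WEB, PAY_SRV, "tcp", 1433, "deny"),
    Flow("payment server to processor", PAY_SRV, GATEWAY, "tcp", 443, "allow"),
    Flow("payment server browsing the internet", PAY_SRV, "198.51.100.7", "tcp", 80, "deny"),
    Flow("admin workstation RDP to payment server", ADMIN, PAY_SRV, "tcp", 3389, "allow"),
    Flow("internet to public web server", "198.51.100.7", DMZ_WEB, "tcp", 443, "allow"),
]

# A common review finding: a broad "internal networks" allow inserted above the CDE deny.
# The DMZ web server sits inside 10.0.0.0/8, so it can now reach the payment server.
SLOPPY_RULES = [Rule("allow", "10.0.0.0/8", CDE, "any", None, "all internal nets to CDE")] + RULES

if __name__ == "__main__":
    for label, rules in (("reviewed rule set", RULES), ("sloppy rule set", SLOPPY_RULES)):
        findings = audit(rules, FLOWS)
        print(f"{label}: {len(findings)} violation(s)")
        for name, expected, got, note in findings:
            print(f"  {name}: expected {expected}, got {got} (matched: {note})")
```

Run it as a script to see the reviewed rule set pass and the sloppy one report the DMZ-to-CDE path. The point of keeping the required flows as data is that the same list can be re-run after every firewall change, which turns the "testing and approval policy for firewall standards" bullet into something repeatable rather than a manual read-through of the rule base.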
PA-DSS 12.1
Topic
Encrypt non-console administrative access.
Background
When a person administers a computer remotely over a local area network (LAN), wide area
network (WAN), VPN, intranet, extranet, the internet, or any other network, this is non-console
administrative access.
Examples include Remote Desktop, GoToMyPC, VNC, pcAnywhere, and SSH. Any other method
by which an administrator manages the computer without being physically at its console is also
non-console administrative access.
Unencrypted non-console administrative access (for example Telnet, or VNC without an
encrypted tunnel) is prohibited.
PSG Retailer itself neither provides nor requires non-console administrative access, so this
requirement applies to the host and its remote-administration tools rather than to the
application; using encrypted non-console administrative access on the host will not interfere
with PSG Retailer.
Action
All non-console administrative access must be encrypted with technologies such as TLS, IPsec,
SSH, or a secure VPN. For Remote Desktop this means requiring Network Level Authentication
and the TLS security layer on the host, and not exposing the service directly to the internet.
Note that the PCI SSC has since deprecated SSL and early TLS; use TLS 1.2 or later.
16 Payment Card Industry (PCI). (n.d.). Information Supplements. Available at: https://www.pcisecuritystandards.org/security_standards/documents.php?category=supplements

StandardsWritingExample-PSG_PA-DSS_Implementation_Guidepages1&3&6&18

  • 1. PSG Retailer PA-DSS Implementation Guide PSG Retailer PSG, Inc. PA-DSS Implementation Guide April 10, 2012 PSG 7349 Crossleigh Ct Toledo, OH 43617-3108 (800) 684-0347
  • 2. PSG Retailer PA-DSS Implementation Guide Page 3 of 20 The Payment Application Data Security Standard Implementation Guide (PA-DSS Implementation Guide) is a software vendor provided guide on the responsibilities for implementing PCI Security Standards as it applies to the specific software.4,5 1.4 Being PCI DSS and PA-DSS Compliant PSG Retailer6 uses PCCharge7 software to process credit cards. PCCharge is a PA-DSS validated payment application8 which has been integrated with PSG Retailer. PCCharge is a PA-DSS validated solution that features many security safeguards and anti-fraud controls. Through its use, stores are one step closer to achieving PCI (Payment Card Industry) compliance and protecting their business interests. PSG Retailer has been upgraded to be more secure and to help a store achieve PCI compliance. However, many aspects of PA-DSS include store, site, and user specific responsibilities outside the scope and control of PSG Retailer software, PCCharge software, and PSG. The software provider is responsible for providing a software specific PA-DSS Implementation Guide to help a store be PCI compliant. The store is responsible for achieving all PCI DSS requirements.9 This guide will assist a store in meeting those requirements to be PA-DSS compliant. 1.5 About the PSG PA-DSS Implementation Guide There are 12 basic requirements for PCI compliance. The requirements have been grouped into sections for the purpose of this guide. The following pages contain a brief review of these requirements with PSG Retailer specific guidelines. The store is responsible for knowing and meeting the PCI standards. PA-DSS requirements and subsections not listed are not the responsibility of the software vendor.10 For more information, and to download detailed PCI requirements documentation, visit http://www.pcisecuritystandards.org 4 ibid. 5 Payment Card Industry (PCI). (2008). PA-DSS Program Guide. 
Retrieved from PCI Security Standards website: https://www.pcisecuritystandards.org/documents/pci_pa_dss_program_guide.pdf 6 PSG Retailer is owned and authored by PSG, Inc. (2012), Toledo, OH. 7 PCCharge is a product of VeriFone. 8 PCCharge. (2012). PCCharge. Retrieved from http://www.pccharge.com. Last accessed December 27, 2011 9 Payment Card Industry (PCI), PA-DSS Program Guide, loc. cit. 10 Payment Card Industry (PCI), PA-DSS Program Guide, loc. cit.
  • 3. PSG Retailer PA-DSS Implementation Guide Page 6 of 20 4. Table of Contents 1. Introduction ....................................................................................................................................... 2 1.1 Purpose...................................................................................................................................................... 2 1.2 About PCI Security Standards .................................................................................................................... 2 1.3 PCI DSS, PA-DSS, and the PA-DSS Implementation Guide........................................................................ 2 1.4 Being PCI DSS and PA-DSS Compliant...................................................................................................... 3 1.5 About the PSG PA-DSS Implementation Guide........................................................................................... 3 2. Definitions.......................................................................................................................................... 4 2.1 Terms......................................................................................................................................................... 4 3. Revision History................................................................................................................................ 5 3.1 History........................................................................................................................................................ 5 4. Table of Contents.............................................................................................................................. 6 5. PCI DSS Overview............................................................................................................................. 7 6. 
PCI PA-DSS Overview ... 8
7. Guidelines for Compliance ... 9
   PA-DSS 1.1.4 ... 9
   PA-DSS 1.1.5 ... 9
   PA-DSS 2.1 ... 9
   PA-DSS 2.5 ... 10
   PA-DSS 2.6 ... 10
   PA-DSS 2.7 ... 10
   PA-DSS 2: Supplemental ... 10
   PA-DSS 3.1 ... 11
   PA-DSS 3.2 ... 11
   PA-DSS 3: Supplemental ... 11
   PA-DSS 4.1 ... 13
   PA-DSS 4.4 ... 13
   PA-DSS 5.4 ... 14
   PA-DSS 6.1 ... 14
   PA-DSS 6.2 ... 15
   PA-DSS 9.1 ... 15
   PA-DSS 10.2 ... 15
   PA-DSS 10.3.1 ... 16
   PA-DSS 10.3.2 ... 17
   PA-DSS 11.1 ... 17
   PA-DSS 11.2 ... 17
   PA-DSS 11: Supplemental ... 18
   PA-DSS 12.1 ... 18
8. Resources ... 20
   8.1 References ... 20
PSG Retailer PA-DSS Implementation Guide
Page 18 of 20

PA-DSS 11: Supplemental

Building a Strong Network

In order to maintain data security, a strong firewall configuration and policy should be in place.16
• Ensure the firewall policy includes both wired and wireless connections.
• Review firewall and router rule sets quarterly.
• Include a testing and approval policy for firewall standards.
• Document the services and ports necessary for business.
• Build a firewall configuration that denies all traffic from "untrusted" networks and hosts, except for protocols necessary for the cardholder data environment.
• Build a firewall configuration that restricts connections between publicly accessible servers and any system component storing cardholder data, including any connections from wireless networks.
• Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.
• Prohibit direct public access between external networks and any system component that stores cardholder data (for example, databases, logs, trace files).

Guidelines can be found at the PCI Security Standards website:
https://www.pcisecuritystandards.org/documents/information_supplement_6.6.pdf
https://www.pcisecuritystandards.org/security_standards/documents.php?category=supplements

PA-DSS 12.1

Topic
Encrypt non-console administrative access.

Background
When a person connects to a computer remotely over a local area network (LAN), wide area network (WAN), VPN, intranet, extranet, internet, or any other network, this is non-console administrative access. Examples include Remote Desktop, GoToMyPC, VNC, pcAnywhere, and SSH. Any other method where the user is not physically at the computer is more than likely also considered non-console administrative access. Unencrypted non-console administrative access (for example, telnet or VNC) is prohibited.
While non-console administrative access is neither supported by nor applicable to PSG Retailer, its use will not interfere with PSG Retailer.

Action
All non-console administrative access must be encrypted with technologies like SSL/TLS, IPSEC, SSH, or a secure VPN.

16 Payment Card Industry (PCI). (n.d.). Information Supplements. Available at: https://www.pcisecuritystandards.org/security_standards/documents.php?category=supplements
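As an added example, not code from the PSG guide, PSG Retailer or PCCharge, the following Python helper performs the rule-set review described under PA-DSS 11 (deny-by-default, external zones reaching the cardholder data environment only on documented ports, no direct public access to cardholder data stores) together with the PA-DSS 12.1 prohibition on unencrypted administrative protocols such as telnet and VNC, run over a constructed weak rule set and a hardened one. The rule format, zone names, the documented-port set and the telnet/VNC port numbers are assumptions of the example.

```python
"""Firewall rule-set review: default deny, external zones reach the CDE only on
documented ports, no direct public access to cardholder data stores, and no
unencrypted remote-administration protocols (telnet, VNC). Rule format, zone
names and port numbers are assumptions of this example."""
from dataclasses import dataclass
from typing import List, Optional, Set

# Unencrypted non-console admin protocols named in PA-DSS 12.1, keyed by their
# default TCP ports (assumption for this example).
UNENCRYPTED_ADMIN_PORTS = {23: "telnet", 5900: "vnc"}
EXTERNAL_ZONES = {"untrusted", "public", "wireless"}

@dataclass
class Rule:
    src: str             # zone: untrusted, public, wireless, office, cde, ...
    dst: str             # zone; "cde_storage" = systems storing cardholder data
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"

def review(rules: List[Rule], documented_cde_ports: Set[int]) -> List[str]:
    """Return review findings; an empty list means the rule set passes."""
    findings = []
    # The policy must end with an explicit any/any deny (deny-by-default).
    if not rules or rules[-1].action != "deny" or rules[-1].port is not None:
        findings.append("missing final deny-all rule")
    for r in rules:
        if r.action != "allow":
            continue
        if r.src in EXTERNAL_ZONES and r.dst == "cde_storage":
            findings.append(f"direct {r.src} access to cde_storage on port {r.port}")
        elif r.src in EXTERNAL_ZONES and r.dst == "cde" and r.port not in documented_cde_ports:
            findings.append(f"{r.src}->cde allows undocumented port {r.port}")
        if r.port in UNENCRYPTED_ADMIN_PORTS:
            name = UNENCRYPTED_ADMIN_PORTS[r.port]
            findings.append(f"unencrypted admin protocol {name} allowed {r.src}->{r.dst}")
    return findings

# Constructed sample rule sets (not taken from any real deployment).
WEAK_RULES = [
    Rule("untrusted", "cde", 443, "allow"),
    Rule("untrusted", "cde", 23, "allow"),         # telnet from the internet
    Rule("public", "cde_storage", 3306, "allow"),  # web server straight to card DB
    Rule("office", "cde", 5900, "allow"),          # VNC to the back-office PC
]                                                  # ...and no closing deny-all
HARDENED_RULES = [
    Rule("untrusted", "cde", 443, "allow"),        # only the documented protocol
    Rule("office", "cde", 22, "allow"),            # SSH: encrypted admin access
    Rule("any", "any", None, "deny"),
]
```

Calling review(WEAK_RULES, {443}) yields five findings (missing deny-all, telnet and VNC, an undocumented external port, and public access to the data store), while review(HARDENED_RULES, {443}) returns an empty list.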