PCI DSS Security Standards have for long been a hot topic of discussion in the industry. It may seem quite confusing and intimidating, as many organizations fail to understand its requirements and area of application.
Given below are the systems to which the PCI DSS security requirements may apply.
1. System Components
The PCI DSS security requirements apply to all system components included in or connected to the Cardholder Data Environment (CDE). "System components" includes all network devices, servers, computing devices, and applications. So, any system component that stores, processes, or transmits payment card information is considered part of the CDE. One of the best ways to determine the CDE is to document or map how payment information flows throughout the environment. This will help you determine all systems and system components that are subject to PCI compliance.
2. Systems within the Network
Systems that fall inside the same physical or logical network are also part of the CDE. So, systems cannot be easily excluded on the grounds that they do not store, process, or transmit payment card information.
3. Third Parties
PCI DSS is also applicable if you are responsible for third parties that store, process, or transmit credit card information. So, for instance, a web hosting company that hosts an e-commerce website that stores, processes, or transmits cardholder data falls "in scope". In this case, the web hosting company is obliged to be PCI DSS compliant. In such a scenario, it is the responsibility of the e-commerce company to check, once a year, whether the web hosting company is PCI compliant or not. If the vendor is not PCI DSS compliant and the company still wishes to continue working with them, then it is the company's responsibility to ensure the vendor becomes compliant.
Note: Every PCI DSS security requirement/control applies to the people, processes, and technologies that interact with or impact the security of CHD (Cardholder Data).
The Objectives of PCI DSS Compliance
We have listed the 6 primary goals/objectives of being PCI Data Security Standard compliant, and they are as follows:
1. Build and Maintain a Secure Network
One of the main objectives of being PCI DSS compliant is to ensure that the organization builds and maintains a secure network that protects all confidential data.
Ways to achieve it
Install and maintain a firewall configuration to protect cardholder data.
Avoid using vendor-supplied default system passwords and other security parameters.