This document outlines policies for securing ecommerce networks and data. It specifies that account numbers and cardholder data must be encrypted or truncated when stored. It also requires the use of network address translation to hide IP addresses, secure router and firewall configurations, unique usernames and passwords for authentication, a VPN for remote access, physical protection of equipment containing cardholder data, continuous monitoring of an intrusion detection system, and the use of symmetric and asymmetric encryption.