PCI DSS Implementation Project
Scenario
You have recently been asked to lead a project that will bring your organization into compliance with PCI DSS. You have never worked with PCI DSS, so you need help.
Solution
Register with the Bernard Institute for Cybersecurity Excellence. We can get your PCI DSS skills up-to-date and answer any questions you have.
PCI DSS at a Glance
The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) comprises people, processes, and technologies that store or transmit cardholder data or sensitive authentication data. “System components” include networks, servers, computing, and applications. Examples of system components include but are not limited to the following:
- Systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or may impact the security of (for example, name resolution or web redirection servers) the CDE.
- Virtualization components include virtual machines, switches/routers, appliances, applications/desktops, and hypervisors.
- Network components include firewalls, switches, routers, wireless access points, network appliances, and other security appliances.
- Server types include web, application, database, authentication, mail, proxy, Network Time Protocol (NTP), and Domain Name System (DNS).
- Applications include all purchased and custom applications, including internal and external (for example, Internet) applications.
- Any other component or device located within or connected to the CDE.
