Identify all locations that store, process, or transmit cardholder data
Create a network diagram that outlines the flow of cardholder data
Establish a firewall to protect cardholder data
Use current and regularly updated antivirus software
Create unique IDs for each person with computer access
Cross-check every requirement in detail with the PCI DSS compliance team
Approval: Compliance Manager
Develop and maintain secure systems and applications
Restrict access to cardholder data on a business need-to-know basis
Ensure cardholder data is encrypted during transmission across open, public networks
Regular monitoring and testing of networks
Ensure physical security for the locations where cardholder data is stored
Provide information security policy to all personnel
Perform internal and external audits
Address any areas of non-compliance noted during audits
Approval: Security Team Lead
Maintain a Vulnerability Management Program
Implement strong access control measures
Maintain an Information Security Policy
Perform annual PCI compliance validation