The intent of this course is to provide some extra test questions you may not have encountered that relate to the PCI DSS standard version 3.2.1 re-qualification exam. Areas include scoping, segmentation, and assessing people, processes and technologies. If you have questions or suggestions for improvements, please don't hesitate to contact me, and please leave a review!
PCI DSS Version 4.0 is now published and will be phased in over the next two years. This version, 3.2.1, will remain active for two years (it will be retired on March 31, 2024).
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements.
The standard at a high level includes six areas:
Build and Maintain a Secure Network and Systems
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
PCI DSS comprises a minimum set of requirements for protecting account data, and may be enhanced by additional controls and practices to further mitigate risks, as well as local, regional and sector laws and regulations. Additionally, legislation or regulatory requirements may require specific protection of personal information or other data elements (for example, cardholder name). PCI DSS does not supersede local or regional laws, government regulations, or other legal requirements.