Contents
Title and Copyright Information
Preface
1
Executive Summary
PCI Security Standards Council Reference Documents
Payment Application Summary
Typical Network Implementation
Difference between PCI Compliance and PA-DSS Validation
2
Considerations for the Implementation of Payment Application in a PCI-Compliant Environment
Remove Historical Sensitive Authentication Data (PA-DSS 1.1.4)
Handling of Sensitive Authentication Data (PA-DSS 1.1.5)
Secure Deletion of Cardholder Data (PA-DSS 2.1)
All PAN is Masked by Default (PA-DSS 2.2)
Cardholder Data Encryption & Key Management (PA-DSS 2.3, 2.4 and 2.5)
Removal of Historical Cryptographic Material (PA-DSS 2.6)
Set up Strong Access Controls (PA-DSS 3.1 and 3.2)
PCI Compliant Password in Oracle Hospitality Cruise Shipboard Property Management System
Creating Secure Password
Properly Train and Monitor Admin Personnel
Log Settings Must be Compliant (PA-DSS 4.1.b and 4.4b)
Lockout Duration Configuration (PCI DSS 8.1.6 / PA-DSS 3.1.9)
Test Data and Accounts: (PA-DSS 5.1.2 & 5.1.3)
3
PCI-Compliant Wireless Settings (PA DSS 6.1.a and 6.2.b)
4
Services and Protocols (PA-DSS 8.2.c)
Never Store Cardholder Data on Internet-Accessible Systems (PA-DSS 9.1.c)
PCI-Compliant Remote Access (PA-DSS 10.1)
PCI-Compliant Delivery of Updates (PA-DSS 7.2.3, 10.2.1.a)
PCI-Compliant Remote Access (PA-DSS 10.3.2.a)
Data Transport Encryption (PA-DSS 11.1.b)
PCI-Compliant Use of End User Messaging Technologies (PA-DSS 11.2.b)
Non-Console Administration and Multi-Factor Authentication (PA-DSS 12.1,12.2)
Network Segmentation
Maintain an Information Security Program
Application System Configuration
Payment Application Initial Setup & Configuration
Updating your Encryption Key on a Periodic Basis
5
Appendix A Inadvertent Capture of PAN
Microsoft Windows 10