Table of Contents
- Title and Copyright Information
- Preface
- 1 Executive Summary
- 2 Considerations for the Implementation of Payment Application in a PCI-Compliant Environment
- Remove Historical Sensitive Authentication Data (PA-DSS 1.1.4)
- Handling of Sensitive Authentication Data (PA-DSS 1.1.5)
- Secure Deletion of Cardholder Data (PA-DSS 2.1)
- All PAN is Masked by Default (PA-DSS 2.2)
- Removal of Historical Cryptographic Material (PA-DSS 2.6)
- Set up Strong Access Controls (PA-DSS 3.1 and 3.2)
- PCI-Compliant Password in Oracle Hospitality Cruise Shipboard Property Management System
- Creating a Secure Password
- Properly Train and Monitor Admin Personnel
- Log Settings Must be Compliant (PA-DSS 4.1.b and 4.4.b)
- Lockout Duration Configuration (PCI DSS 8.1.6 / PA-DSS 3.1.9)
- Test Data and Accounts (PA-DSS 5.1.2 and 5.1.3)
- 3 PCI-Compliant Wireless Settings (PA-DSS 6.1.a and 6.2.b)
- 4 Services and Protocols (PA-DSS 8.2.c)
- Never Store Cardholder Data on Internet-Accessible Systems (PA-DSS 9.1.c)
- PCI-Compliant Remote Access (PA-DSS 10.1)
- PCI-Compliant Delivery of Updates (PA-DSS 7.2.3, 10.2.1.a)
- PCI-Compliant Remote Access (PA-DSS 10.3.2.a)
- Data Transport Encryption (PA-DSS 11.1.b)
- PCI-Compliant Use of End User Messaging Technologies (PA-DSS 11.2.b)
- Non-Console Administration and Multi-Factor Authentication (PA-DSS 12.1, 12.2)
- Network Segmentation
- Maintain an Information Security Program
- Application System Configuration
- Payment Application Initial Setup & Configuration
- Updating your Encryption Key on a Periodic Basis
- 5 Appendix A Inadvertent Capture of PAN