Table of Contents

• Title and Copyright Information
• Preface
• 1 Executive Summary
  • PCI Security Standards Council Reference Documents
  • Payment Application Summary
  • Typical Network Implementation
  • Difference between PCI Compliance and SSF Validation
• 2 Considerations for the Implementation of Payment Application in a PCI-Compliant Environment
  • Remove Historical Sensitive Authentication Data
  • Handling of Sensitive Authentication Data
  • Secure Deletion of Cardholder Data
  • All PAN is Masked by Default
    • Cardholder Data Encryption & Key Management
  • Removal of Historical Cryptographic Material
  • Set up Strong Access Controls
  • PCI Compliant Password in Oracle Hospitality Cruise Shipboard Property Management System
  • Creating Secure Password
  • Properly Train and Monitor Admin Personnel
  • Log Settings Must be Compliant
  • Lockout Duration Configuration
  • Test Data and Accounts
• 3 PCI-Compliant Wireless Settings
• 4 Services and Protocols
  • Never Store Cardholder Data on Internet-Accessible Systems
  • Remote Access
  • Delivery of Updates
  • PCI-Compliant Remote Access
  • Data Transport Encryption
  • PCI-Compliant Use of End User Messaging Technologies
  • Non-Console Administration and Multi-Factor Authentication
  • Network Segmentation
  • Maintain an Information Security Program
  • Application System Configuration
  • Payment Application Initial Setup & Configuration
  • Updating your Encryption Key on a Periodic Basis
• 5 Appendix A Inadvertent Capture of PAN
  • Microsoft Windows 10