Wednesday, November 4, 2009
PCI Compliance: A Moment In Time
A closer look at PCI DSS requirements should make it quite clear that compliance is an ongoing exercise. For example, requirement 1 reads, "Install and maintain a firewall configuration to protect cardholder data." Requirement 5 mandates that you "Use and regularly update anti-virus software." Requirement 6 states that you "Develop and maintain secure systems and applications." Requirement 11 implores that you "Regularly test security systems and processes." And, of course, Requirement 12 states that you must "Maintain a policy that addresses information security."
Clearly, five of the twelve PCI requirements explicitly mention either maintaining or updating, which should make it clear to all paying attention that there is no finality to PCI compliance.