Wednesday, November 4, 2009

PCI Compliance: A Moment In Time

When it comes to PCI compliance, merchants and software vendors alike often make the mistake of viewing their compliance as a "checklist" rather than an ongoing process. Too many people assume that PCI compliance is achieved once. In reality, however, it is maintained through vigilant adaptation to both PCI requirements and evolving security threats.

A closer look at the PCI DSS requirements should make it quite clear that compliance is an ongoing exercise. For example, Requirement 1 reads, "Install and maintain a firewall configuration to protect cardholder data." Requirement 5 mandates that you "Use and regularly update anti-virus software." Requirement 6 states that you "Develop and maintain secure systems and applications." Requirement 11 requires that you "Regularly test security systems and processes." And, of course, Requirement 12 states that you must "Maintain a policy that addresses information security."

Clearly, five of the twelve PCI requirements explicitly mention either maintaining or updating, which should make it clear to anyone paying attention that there is no finality to PCI compliance.

