PCI Data Security Standard version 1.2 now active.

Payment card industry (PCI) self-assessment questionnaire for cybersecurity solutions.

As of October 1, 2008 the PCI Data Security Standard version 1.2 became active. There are a number of changes to PCI DSS since version 1.1. Version 1.2 removes much of the ambiguity from earlier versions and provides additional details on items such as the use wireless devices.

One of the largest and possibly most hard hitting change is how the the certification process is placing an increasing amount of scrutiny on level 3 and 4 merchants. If you process credit cards and have not received any notification from your merchant bank regarding PCI DSS compliance, you will soon.

I will not attempt to cover all of the details of the new standard but will say if your company handles any cardholder data, it is important to get your infrastructure into compliance with PCI DSS.

PCI DSS 1.2 specifies 12 requirements for compliance, organized into 6 logically related groups, which are called “control objectives.

The control objectives and their requirements are:

    • Build and Maintain a Secure Network
        1. Requirement 1: Install and maintain a firewall configuration to protect cardholder data
        1. Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
    • Protect Cardholder Data
        1. Requirement 3: Protect stored cardholder data
        1. Requirement 4: Encrypt transmission of cardholder data across open, public networks
    • Maintain a Vulnerability Management Program
        1. Requirement 5: Use and regularly update anti-virus software
        1. Requirement 6: Develop and maintain secure systems and applications
    • Implement Strong Access Control Measures
        1. Requirement 7: Restrict access to cardholder data by business need-to-know
        1. Requirement 8: Assign a unique ID to each person with computer access
        1. Requirement 9: Restrict physical access to cardholder data
    • Regularly Monitor and Test Networks
        1. Requirement 10: Track and monitor all access to network resources and cardholder data
        1. Requirement 11: Regularly test security systems and processes
    • Maintain an Information Security Policy
        1. Requirement 12: Maintain a policy that addresses information security

Each control objective contains additional details on what is required to meet the objective and requires a detailed study to fully understand them and their impact on your existing infrastructure. Smaller companies have the option to use a self-certification questionnaire but even this can be difficult and time consuming.

ZZ Servers has fully qualified security assessors and partnerships with PCI ASV/QSA’s for all levels PCI certification, required security scans and full level 1 PCI audit validation. Contact us today so we can can assist with your adaption of PCI DSS in your environment and ensure your full compliance with these comprehensive regulations. Let us help you prepare and prevent the damaging costs of a data breach.

Peter Zendzian
Managing Partner
ZZ Servers, LLC

What do you think?

Leave a Reply

Related articles

Two business people sitting at a desk in an office.

Integris Health Patients Face Shocking Extortion Emails Following Devastating Cyberattack

Integris Health, an Oklahoma-based healthcare provider, is notifying patients they may receive extortion emails after suffering a cyberattack. The attack targeted the systems of NoMoreClipboard, an online patient portal, affecting 102,000 patients. Cybercriminals are demanding $2,000 in Bitcoin for the return of patient data, including medical records and contact information.

Read more
Contact us

Partner with Us for Comprehensive IT

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?

We Schedule a call at your convenience 


We do a discovery and consulting meting 


We prepare a proposal 

Schedule a Free Consultation