Payment Card Industry (PCI) Data Security Standard
This guide stresses the need for an effective security testing program within federal agencies. Testing serves several purposes. One, no matter how well a given system may have been developed, the nature of today’s complex systems with large volumes of code, complex internal interactions, interoperability with uncertain external components, unknown interdependencies coupled with vendor cost and schedule pressures, means that exploitable flaws will always be present or surface over time. Accordingly, security testing must fill the gap between the state of the art in system development and actual operation of these systems.

Payment Card Industry (PCI) Data Security Standard
Requirements and Security Assessment Procedures
Version 2.0
October 2010

Document Changes

| Date | Version | Description | Pages |
|---|---|---|---|
| October 2008 | 1.2 | To introduce PCI DSS v1.2 as "PCI DSS Requirements and Security Assessment Procedures," eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For complete information, see PCI Data Security Standard Summary of Changes from PCI DSS Version 1.1 to 1.2. | |
| July 2009 | 1.2.1 | Add sentence that was incorrectly deleted between PCI DSS v1.1 and v1.2. | 5 |
| | | Correct "then" to "than" in testing procedures 6.3.7.a and 6.3.7.b. | 32 |
| | | Remove grayed-out marking for "in place" and "not in place" columns in testing procedure 6.5.b. | 33 |
| | | For Compensating Controls Worksheet - Completed Example, correct wording at top of page to say "Use this worksheet to define compensating controls for any requirement noted as 'in place' via compensating controls." | 64 |
| October 2010 | 2.0 | Update and implement changes from v1.2.1. For details, please see "PCI DSS - Summary of Changes from PCI DSS Version 1.2.1 to 2.0." | |
PCI DSS Requirements and Security Assessment Procedures, Version 2.0. Copyright 2010 PCI Security Standards Council LLC. October 2010.

Table of Contents

Document Changes
Introduction and PCI Data Security Standard Overview
PCI DSS Applicability Information
Relationship between PCI DSS and PA-DSS
Scope of Assessment for Compliance with PCI DSS Requirements
    Network Segmentation
    Wireless
    Third Parties Outsourcing
    Sampling of Business Facilities System Components
    Compensating Controls
Instructions and Content for Report on Compliance
    Report Content and Format
    Revalidation of Open Items
    PCI DSS Compliance - Completion Steps
Detailed PCI DSS Requirements and Security Assessment