tailieunhanh - Payment Card Industry (PCI) Data Security Standard

This guide stresses the need for an effective security testing program within federal agencies. Testing serves several purposes. One, no matter how well a given system may have been developed, the nature of today’s complex systems with large volumes of code, complex internal interactions, interoperability with uncertain external components, unknown interdependencies coupled with vendor cost and schedule pressures, means that exploitable flaws will always be present or surface over time. Accordingly, security testing must fill the gap between the state of the art in system development and actual operation of these systems.

Payment Card Industry (PCI) Data Security Standard
Requirements and Security Assessment Procedures
Version
October 2010
Security Standards Council

Document Changes (columns: Date, Version, Description, Pages)

October 2008: To introduce PCI DSS as PCI DSS Requirements and Security Assessment Procedures eliminating redundancy between documents and make both general and specific changes from PCI DSS Security Audit Procedures . For complete information see PCI Data Security Standard Summary of Changes from PCI DSS Version to .

July 2009:
- Add sentence that was incorrectly deleted between PCI DSS and . (page 5)
- Correct "then" to "than" in testing procedures and . (page 32)
- Remove grayed-out marking for "in place" and "not in place" columns in testing procedure . (page 33)
- For Compensating Controls Worksheet - Completed Example, correct wording at top of page to say "Use this worksheet to define compensating controls for any requirement noted as 'in place' via compensating controls." (page 64)

October 2010: Update and implement changes from . For details please see PCI DSS - Summary of Changes from PCI DSS Version to .
PCI DSS Requirements and Security Assessment Procedures Version
Copyright 2010 PCI Security Standards Council LLC
October 2010

Table of Contents

Document Introduction and PCI Data Security Standard PCI DSS Applicability Relationship between PCI DSS and Scope of Assessment for Compliance with PCI DSS Network Third Parties Sampling of Business Facilities System Compensating Instructions and Content for Report on Report Content and Revalidation of Open PCI DSS Compliance - Completion Detailed PCI DSS Requirements and Security Assessment .