Glossary of Compliance
Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
PCI DSS Rules
PCI DSS rules are global security standards for any organization that handles cardholder data, intended to reduce security incidents, information theft, and data breaches in the payment industry.
Here are the 12 PCI DSS compliance requirements (rules) you need to know:
- Install and maintain a firewall to secure network connections
- Change default passwords and security settings provided by vendors
- Protect stored cardholder data with policies for data disposal
- Encrypt cardholder data when transmitting it over public networks
- Use antivirus software and keep it updated
- Develop security systems and processes to address vulnerabilities
- Restrict access to cardholder data based on roles and privileges
- Assign user IDs for computer access and implement authentication measures
- Restrict physical access to cardholder data with monitoring tools
- Track and monitor network and data access, maintaining audit trails
- Regularly test systems and processes, including wireless access points
- Have an information security policy outlining technology usage rules and responsibilities