Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI DSS Rules

PCI DSS Rules

PCI DSS rules are global security standards for any organization dealing with cardholder data to reduce security incidents, information theft, and data breaches in the payment industry. 

Here are the 12 PCI compliance requirements or rules you need to know:

  • Install and maintain a firewall to secure network connections
  • Change default passwords and security settings provided by vendors
  • Protect stored cardholder data with policies for data disposal
  • Encrypt cardholder data when transmitting it over public networks
  • Use and keep antivirus software updated
  • Develop security systems and processes to address vulnerabilities
  • Restrict access to cardholder data based on roles and privileges
  • Assign user IDs for computer access and implement authentication measures
  • Restrict physical access to cardholder data with monitoring tools
  • Track and monitor network and data access, maintaining audit trails
  • Regularly test systems and processes, including wireless access points
  • Have an information security policy outlining technology usage rules and responsibilities

Additional reading

Data Privacy Framework and How It Works

Did you know that 76% of users think companies should do more to safeguard their data online? But here’s the big question: Are you doing everything you can to protect your client’s data? If you’re uncertain, examining your current practices more closely is crucial.  As organizations increasingly rely on data-driven processes, safeguarding personal and confidential…

What Is Cybersecurity and Why It Matters Today

TL;DR In the age of the internet, organizations are heavily relying on IT infrastructure to keep them safe from cyberattacks. As more and more organizations are adopting digital transformation, the risk of cybercrime is increasing at a rapid rate; so is the importance of cybersecurity. Cybersecurity has become the knight in shining armour. Strong cybersecurity…

HIPAA Data Retention Requirements: A 2026 Guide with State-Wise Policies

Storing healthcare data is a legal obligation shaped by both HIPAA and a maze of state-specific retention rules. As we head into 2026, service providers, business associates, and compliance teams must navigate overlapping federal mandates, differing state timelines, and rising enforcement risks. This guide breaks down HIPAA’s data retention requirements, how they compare to medical…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales