Glossary of Compliance


PCI DSS Rules

PCI DSS rules are the global security standards that apply to any organization handling cardholder data; they exist to reduce security incidents, information theft, and data breaches in the payment industry.

Here are the 12 PCI compliance requirements or rules you need to know:

  • Install and maintain a firewall to secure network connections
  • Change default passwords and security settings provided by vendors
  • Protect stored cardholder data with policies for data disposal
  • Encrypt cardholder data when transmitting it over public networks
  • Use and keep antivirus software updated
  • Develop security systems and processes to address vulnerabilities
  • Restrict access to cardholder data based on roles and privileges
  • Assign user IDs for computer access and implement authentication measures
  • Restrict physical access to cardholder data with monitoring tools
  • Track and monitor network and data access, maintaining audit trails
  • Regularly test systems and processes, including wireless access points
  • Have an information security policy outlining technology usage rules and responsibilities
