Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

PCI DSS Rules

PCI DSS rules are global security standards that apply to any organization handling cardholder data, intended to reduce security incidents, information theft, and data breaches in the payment industry.

Here are the 12 PCI compliance requirements or rules you need to know:

  • Install and maintain a firewall to secure network connections
  • Change default passwords and security settings provided by vendors
  • Protect stored cardholder data with policies for data disposal
  • Encrypt cardholder data when transmitting it over public networks
  • Use antivirus software and keep it updated
  • Develop security systems and processes to address vulnerabilities
  • Restrict access to cardholder data based on roles and privileges
  • Assign a unique user ID to each person with computer access and implement authentication measures
  • Restrict physical access to cardholder data with monitoring tools
  • Track and monitor network and data access, maintaining audit trails
  • Regularly test systems and processes, including wireless access points
  • Have an information security policy outlining technology usage rules and responsibilities
