Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI DSS Rules

PCI DSS Rules

PCI DSS rules are global security standards for any organization dealing with cardholder data to reduce security incidents, information theft, and data breaches in the payment industry. 

Here are the 12 PCI compliance requirements or rules you need to know:

  • Install and maintain a firewall to secure network connections
  • Change default passwords and security settings provided by vendors
  • Protect stored cardholder data with policies for data disposal
  • Encrypt cardholder data when transmitting it over public networks
  • Use and keep antivirus software updated
  • Develop security systems and processes to address vulnerabilities
  • Restrict access to cardholder data based on roles and privileges
  • Assign user IDs for computer access and implement authentication measures
  • Restrict physical access to cardholder data with monitoring tools
  • Track and monitor network and data access, maintaining audit trails
  • Regularly test systems and processes, including wireless access points
  • Have an information security policy outlining technology usage rules and responsibilities

Additional reading

100+ Phishing Attack Statistics You Should Know

Phishing attacks have become a menacing threat in today’s digital landscape, jeopardizing the security and privacy of organizations and individuals alike. Understanding the scope as well as the impact of these threats is critical for avoiding potentially debilitating financial loss or implementing effective cybersecurity measures. Here we analyze the impact of phishing attacks globally:  Phishing…

Top 10 Tugboat Logic Alternatives

If you’re evaluating alternatives to Tugboat Logic, your business has probably reached a stage where compliance needs to scale with growth—and you need automation to keep pace with customer demands and audit deadlines. Since Tugboat Logic is now part of OneTrust’s GRC & Security Assurance Cloud, many buyers compare that route against specialist automation platforms…

ISO 27001 Training Program [How to get started]

Like it or not, your employees are your first line of defence in the event of cyber attacks, data breaches, and hacks. You must, therefore, never shy away from investing in establishing a robust organization-wide security culture. Whether you are implementing ISO 27001 or are already certified, investing in building a security-savvy workforce will generate…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales