What does PCI DSS compliance require?
The Payment Card Industry Data Security Standard (PCI DSS), defined by the PCI Security Standards Council, is a set of data security requirements to which banks, online merchants, and Member Service Providers (MSPs) must adhere. It enforces the safe handling of cardholder information.
To comply with the requirements, merchants and MSPs must:
Annually conduct an on-site audit or complete the PCI Self-Assessment Questionnaire.
Quarterly conduct vulnerability scans on all Internet-facing networks and systems. These scans must be performed by an approved scanning vendor. Vulnerability scans detect security threats associated with electronic commerce, and provide the bank, merchant, or MSP with a report demonstrating compliance status. Threats must be remediated.
To meet the second requirement, FortiScan can generate PCI technical and executive compliance reports that show the pass or failure status for each host on your network.