PCI DSS · Maintain an information security policy
Req. 12 Support information security with organizational policies and programs
Maintain an information security policy and program that supports the secure handling of cardholder data.
Mapped across 10 provisions
Equivalent and related requirements in other frameworks and regulations.
- NIST CSF 2.0 · Partial · Official mapping (source: PCI DSS v4.0 / NIST CSF 2.0) · GV.OC-01 Organizational mission and security role understood · Governance & security policy
- CCPA / CPRA · Related · Curated · §1798.100 Consumers' right to know and notice at collection · Governance & security policy
- DORA · Related · Curated · Art. 6 ICT risk management framework · Governance & security policy
- GDPR · Related · Curated · Art. 25 Data protection by design and by default · Governance & security policy
- GLBA · Related · Curated · §314.4(a) Designate a qualified individual · Governance & security policy
- ISO 27001 · Related · Curated · A.5.1 Policies for information security · Governance & security policy
- LGPD · Related · Curated · Art. 50 Good practices and governance rules · Governance & security policy
- NIS2 · Related · Curated · Art. 21(2)(a) Risk analysis and information system security policies · Governance & security policy
- NIST 800-53 · Related · Curated · PM-1 Information security program plan · Governance & security policy
- SOC 2 · Related · Curated · CC1.1 Integrity and ethical values · Governance & security policy