PCI DSS
PCI DSS v4.0
The payment card industry security standard for protecting cardholder data, structured as 12 main requirements spread across six control objectives.
Who it applies to
Any organisation worldwide that stores, processes or transmits payment card data, and any entity that can affect the security of cardholder data. Enforced by the card networks through acquiring banks, not by law.
Build and maintain a secure network
Protect account data
- Req. 3 Protect stored account data (15 mapped)
Render stored cardholder data unreadable, including through strong cryptography and key management.
- Req. 4 Protect cardholder data with strong cryptography during transmission (15 mapped)
Use strong cryptography to protect cardholder data when transmitted over open, public networks.
Implement strong access control
- Req. 7 Restrict access by business need to know (16 mapped)
Limit access to system components and cardholder data to only those individuals whose job requires it.
- Req. 8 Identify users and authenticate access (16 mapped)
Assign a unique ID to each user and authenticate access to system components, including multi-factor authentication.
Regularly monitor and test networks
- Req. 10 Log and monitor all access to system components and cardholder data (11 mapped)
Implement audit logs and monitor all access to network resources and cardholder data to detect and investigate anomalies.
- Req. 11 Test security of systems and networks regularly (10 mapped)
Regularly test security, including vulnerability scans and penetration testing of systems and networks.