
GLBA / PCI DSS crosswalk

A control-by-control mapping between GLBA Safeguards Rule (16 CFR Part 314) and PCI DSS v4.0. 7 mappings.

| GLBA | PCI DSS | Relationship | Notes |
| --- | --- | --- | --- |
| §314.4(a): Designate a qualified individual | Req. 12: Support information security with organizational policies and programs | Related (Curated) | Security governance and policy |
| §314.4(c)(1): Access controls | Req. 7: Restrict access by business need to know | Equivalent (Curated) | Access control and identity |
| §314.4(c)(1): Access controls | Req. 8: Identify users and authenticate access | Equivalent (Curated) | Access control and identity |
| §314.4(c)(3): Encryption of customer information | Req. 3: Protect stored account data | Equivalent (Curated) | Cryptography and data protection |
| §314.4(c)(3): Encryption of customer information | Req. 4: Protect cardholder data with strong cryptography during transmission | Equivalent (Curated) | Cryptography and data protection |
| §314.4(c)(8): Monitoring and logging of authorized user activity | Req. 10: Log and monitor all access to system components and cardholder data | Equivalent (Curated) | Logging, monitoring and detection |
| §314.4(d): Regularly test or monitor safeguards | Req. 11: Test security of systems and networks regularly | Partial (Curated) | Vulnerability management |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.