Description
The intent of this course is to provide some extra test questions you may not have encountered that relate to the PCI DSS standard version 3.2.1 re-qualification exam. Areas include, scoping, segmentation, assessing people, processes and technologies. If you have questions or suggestions for improvements, please don't hesitate to contact me and please leave a review! PCI DSS Version 4.0 is now published and will be phased in over the next two years. This version, 3.2.1 will remain active for two years (March 31, 2024 it will be retired). The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing-including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Below is a high-level overview of the 12 PCI DSS requirements. The standard at a high level includes six areas: Build and Maintain a Secure Network and SystemsProtect Cardholder DataMaintain a Vulnerability Management ProgramImplement Strong Access Control MeasuresRegularly Monitor and Test NetworksMaintain an Information Security PolicyPCI DSS comprises a minimum set of requirements for protecting account data, and may be enhanced by additional controls and practices to further mitigate risks, as well as local, regional and sector laws and regulations. Additionally, legislation or regulatory requirements may require specific protection of personal information or other data elements (for example, cardholder name). PCI DSS does not supersede local or regional laws, government regulations, or other legal requirements.
