PCI Data Security Standard version 1.0
| Scorecard | Audience | Description |
|---|---|---|
| Firewall Configuration | Operations, Audit, Risk Management | Firewall Configuration demonstrates compliance with PCI Data Security Standard Requirement 1. This scorecard presents trended metrics results for hosts behind a firewall, hosts exempt from firewall coverage, and percentage of inbound and outbound traffic denied by firewalls. |
| Vendor Defaults | Operations, Audit, Risk Management | Vendor Defaults demonstrates compliance with PCI Data Security Standard Requirement 2. This scorecard presents policy information regarding the testing and configuration of systems to eliminate vendor defaults. |
| Data at Rest | Operations, Audit, Risk Management | Data at Rest demonstrates compliance with PCI Data Security Standard Requirement 3. This scorecard presents trended metrics results for device encryption, data retention, and encryption capacity. |
| Data in Motion | Operations, Audit, Risk Management | Data in Motion demonstrates compliance with PCI Data Security Standard Requirement 4. This scorecard presents trended metrics results for email encryption, transaction encryption, and certificate management. |
| Anti-Virus | Operations, Audit, Risk Management | Anti-Virus demonstrates compliance with PCI Data Security Standard Requirement 5. This scorecard presents trended metrics results for anti-virus coverage, vulnerability scanning, and anti-virus signature updates. |
| Vulnerability and Patch Management | Operations, Audit, Risk Management | Vulnerability and Patch Management demonstrates compliance with PCI Data Security Standard Requirement 6. This scorecard presents trended metrics results for patch management coverage, patching activity, and residual risks due to unpatched hosts. |
| Access Control | Operations, Audit, Risk Management | Access Control demonstrates compliance with PCI Data Security Standard Requirement 7. This scorecard presents trended metrics results for account provisioning and deprovisioning activity, idle accounts, and account status. |
| Unique ID | Operations, Audit, Risk Management | Unique ID demonstrates compliance with PCI Data Security Standard Requirement 8. This scorecard presents trended metrics results for accounts with passwords, password strength, password age, and failed logins. |
| Physical Access | Operations, Audit, Risk Management | Physical Access demonstrates compliance with PCI Data Security Standard Requirement 9. This scorecard presents information regarding policies and management of physical access to customer data. |
| Data Access | Operations, Audit, Risk Management | Data Access demonstrates compliance with PCI Data Security Standard Requirement 10. This scorecard presents trended metrics results tracking user logins, and evidences the presence of logs within an organization. |
| Testing | Operations, Audit, Risk Management | Testing demonstrates compliance with PCI Data Security Standard Requirement 11. This scorecard presents trended metrics results for vulnerability scanning, tracking average time since last scan and adherence to scanning policy. |
| Policy | Operations, Audit, Risk Management | Policy demonstrates compliance with PCI Data Security Standard Requirement 12. This scorecard presents information regarding policies for system usage, data monitoring, and incident response. |