| Requirement | Status | Comments |
|---|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | ||
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | ||
| 3. Protect stored cardholder data | ||
| 4. Encrypt transmission of cardholder data across open, public networks | ||
| 5. Protect all systems against malware and regularly update anti-virus software | ||
| 6. Develop and maintain secure systems and applications | ||
| 7. Restrict access to cardholder data by business need-to-know | ||
| 8. Identify and authenticate access to system components | ||
| 9. Restrict physical access to cardholder data | ||
| 10. Track and monitor all access to network resources and cardholder data | ||
| 11. Regularly test security systems and processes | ||
| 12. Maintain a policy that addresses information security for employees and contractors |