| PCI DSS Requirement | ISO/IEC 27001:2005 Annex A Clause |
|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | A.10 Communications and operations management |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | A.11 Access control |
| 3. Protect stored cardholder data | A.10 Communications and operations management |
| 4. Encrypt transmission of cardholder data across open, public networks | A.12 Information systems acquisition, development and maintenance |
| 5. Use and regularly update anti-virus software on all systems commonly affected by malware | A.12 Information systems acquisition, development and maintenance |
| 6. Develop and maintain secure systems and applications | A.12 Information systems acquisition, development and maintenance |
| 7. Restrict access to cardholder data by business need-to-know | A.11 Access control |
| 8. Assign a unique ID to each person with computer access | A.11 Access control |
| 9. Restrict physical access to cardholder data | A.9 Physical and environmental security |
| 10. Track and monitor all access to network resources and cardholder data | A.10 Communications and operations management |
| 11. Regularly test security systems and processes | A.12 Information systems acquisition, development and maintenance; A.6 Organization of information security; A.15 Compliance |
| 12. Maintain a policy that addresses information security | A.5 Security policy |