The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today released a new resource to promote card data security through adoption of the PCI DSS.
The Prioritized Approach framework helps merchants identify their highest-risk targets, create a common language around PCI DSS implementation efforts and demonstrate progress on the compliance process to key stakeholders.
The Prioritized Approach framework was created to help merchants who are not yet fully compliant with the PCI DSS understand and reduce risk while on the road to compliance. Consisting of the six security milestones outlined below, the tool focuses on best practices for protecting against the highest-risk factors and escalating threats facing cardholder data security:
- Milestone One: If you don't need it, don't store it
- Milestone Two: Secure the perimeter
- Milestone Three: Secure applications
- Milestone Four: Monitor and control access to your systems
- Milestone Five: Protect stored cardholder data
- Milestone Six: Finalize remaining compliance efforts, and ensure all controls are in place
"Securing cardholder data is the ultimate priority and following the PCI DSS is the best way to achieve this. The Prioritized Approach framework will help stakeholders understand where they can act to reduce risk earlier in their journey towards PCI DSS compliance," said Bob Russo, general manager, PCI Security Standards Council. "The launch of these new guidance and interactive documents is another step by the Council to increase understanding of and education around PCI DSS among merchants, providing them with insight into how they can protect cardholder data faster and demonstrate progress and compliance with the PCI DSS."
The Prioritized Approach was compiled after considering actual data compromise events, feedback from Qualified Security Assessors (QSAs) and forensic investigators, and input from the PCI SSC Board of Advisors. The framework gives practical suggestions on how to approach compliance with PCI DSS so as to create the most immediate impact on card data security in a merchant's environment. The Prioritized Approach also creates a common language to improve communication around compliance progress between merchants, QSAs, acquiring banks and card brands.
The Prioritized Approach framework is available on the Council's website and includes a reference document and a simple-to-use, downloadable worksheet that allows merchants to sort specific PCI DSS requirements by Prioritized Approach milestone.