PCI-DSSv3.2.1 Audit Details (Explore)

The Payment Card Industry Security Standards Council (PCI SSC) maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe. The PCI SSC provides technical and operational requirements for organizations accepting or processing payment transactions. The guidance also applies to software developers and manufacturers of applications and devices used in those transactions. The Payment Card Industry Data Security Standard (PCI DSS) helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. The standards have historically been revised on a 2-3 year cycle, but the PCI SSC is transitioning to a posture of revising the PCI DSS as required based on changes to the current threat landscape. 

This report provides organizations with information which specifically measures against the compliance standards related to the Payment Card Industry Data Security Standard (PCI DSS).  The PCI DSS security standard was formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International, and American Express and governed by the Payment Card Industry Security Standards Council (PCI SSC).  While the PCI SSC has no legal authority to compel compliance, the goal is to secure credit and debit card transactions against theft.  However, compliance with the PCI DSS standard is a requirement for any business that processes credit or debit card transactions.  

This report references controls contained in PCI DSS v3.2.1, which was released in Q2 of 2018.  Version 3.2.1 contains minor updates to v3.2.  Updates include, but are limited to, migration dates for SSL/early TLS, and the removal of multi-factor authentication (MFA) from the compensating control example in Appendix B, as MFA is not required for all non-console administrative access. 

Tenable provides several solutions for organizations to better understand vulnerability management. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management (formerly Tenable.io) discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this report are: Tenable Vulnerability Management.

Chapters: 

• Executive Summary: This chapter contains three elements which provide a high level overview summarizing results outlined in PCI DSS v3.2.1.
• Framework Result Summary: This chapter summarizes all the families outlined in PCI DSS v3.2.1.
• Control Summary: This chapter summarizes all the families outlined in PCI DSS v3.2.1.
• Audit Check Type Summary: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
• Build and Maintain a Secure Networks and Systems: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
• Implement Strong Access Control Measures: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
• Maintain a Vulnerability Management Program: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
• Protect Account Data: This chapter provides details on each of the compliance controls for the compliance family group being referenced.
• Regularly Monitor and Test Networks: This chapter provides details on each of the compliance controls for the compliance family group being referenced.