2022 US Payment Card Industry (PCI) Data Security Audit Program: PCI Standard, Sarbanes-Oxley Sections 103a, 302, 404, 409, 801a and 802 for Security and Retention of Data Compliant

Research and Markets

Updated 7 December 2022 at 8:13 am·4-min read

Company Logo

Dublin, Dec. 07, 2022 (GLOBE NEWSWIRE) -- The "Payment Card Industry (PCI) Data Security Audit Program - Platinum Edition" report has been added to ResearchAndMarkets.com's offering.

PCI-DSS Audit Program needs constant updating - It is estimated that the cost of a credit card security breach is between $90 and $305 per compromised record. While the threshold for PCI compliance is only a minimum standard, businesses recognize that failure to meet PCI requirements can lead to both financial penalties and long-term damage to customer trust and brand equity.

PCI requirements maintain that companies shall encrypt data at rest, which is a challenging and expensive endeavor for most retailers to undertake. (see also PCI Compliance Kit)

The PCI DSS security requirements apply to all "system components. " A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data.

Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.

This program is specific to the required annual PCI audit. Included in the standard audit program are two policies (one paragraph long) which need to be implemented to meet PCI DSS security requirements. The policies are for "Sensitive Data" and "Record Management (Retention and Disposition)" --the ones provided in the standard package are shorthand versions of the full policies contained in other Janco products which are available individually or in the premium and gold versions of the PCI Audit program.

PCI Audit Program Platinum Edition - Save 30%

PCI Audit Program comes in PDF and WORD .docx formats. The Audit program includes a brief policy statement for Sensitive Information and Record Management (Retention and Destruction). The Audit Program complies with the PCI standard, Sarbanes-Oxley Sections 103a, 302, 404, 409, 801a and 802 for security and retention of data, systems and reports.
Sensitive Information Policy Template comes in WORD .docx format and is 34 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799),and HIPAA.
Backup and Backup Retention Policy Template comes in WORD .docx format
Security Manual Template come is WORD .docx format and is over 230 pages in length. This template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both address Sarbanes Oxley compliance)
Security Audit Program comes in Excel and PDF formats. The Audit Program is IS0 27001, ISO 27002, Sarbanes Oxley, PCI-DSS, and HIPAA compliant. It meets Massachusetts, New York, and California requirements.
Disaster Recovery Business Continuity Program comes in WORD .docx and PDF formats. The Audit Program is IS0 17799, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.

Key Topics Covered:

Policy - Sensitive Information Policy - Credit Card, Social Security, Employee, and Customer Data

Policy - Record Management, Retention, and Disposition Policy

PCI DSS Applicability Information

Scope of Assessment for Compliance with PCI DSS Requirements

Instructions and Content for Report on Compliance

Revalidation of Open Items

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for employees and contractors

Appendix A: PCI DSS Applicability for Hosting Providers (with Testing Procedures)

Requirement A.1: Hosting providers protect cardholder data environment

Appendix B - Compensating Controls

Compensating Controls - General
Compensating Controls for Requirement 3.4

Appendix C: Compensating Controls Completed Example/Worksheet

Compensating Controls Worksheet

What's New

For more information about this report visit https://www.researchandmarkets.com/r/zczztj

CONTACT: CONTACT: ResearchAndMarkets.com Laura Wood,Senior Press Manager press@researchandmarkets.com For E.S.T Office Hours Call 1-917-300-0470 For U.S./ CAN Toll Free Call 1-800-526-8630 For GMT Office Hours Call +353-1-416-8900

Investor's Business Daily
Dow Jones Futures: Stock Market Makes Bullish Move, Nvidia In Buy Area; Palantir, These AI Plays On Tap
The market rally made a bullish move, with Nvidia flashing a buy signal. Palantir leads five AI stocks near buy points with earnings due.
Associated Press
Lowe has 4 hits as Rangers beat Royals 15-4
Nathaniel Lowe had four hits and two RBIs, and the Texas Rangers beat the Kansas City Royals 15-4 on Saturday night. Lowe went 4 for 6 one night after going hitless in four at bats in Texas' 7-1 loss on Friday. Adolis García, Evan Carter and Travis Jankowski also drove in two runs each.
Yahoo Sports
Lionel Messi smashes MLS and personal records with goal, 5 assists in a single half
Messi needed just 34 minutes to do things that no MLS player had ever done in a full game.
The Daily Beast
J.Lo’s Career Identity Crisis Needs a New ‘Monster-in-Law’
Photo Illustration by Luis G. Rendon/The Daily Beast/Everett CollectionWelcome to modern rom-com week at The Daily Beast’s Obsessed! In honor of two big romance releases this week—The Fall Guy and The Idea of You—we’re celebrating everything we love about the last 15 years of romantic comedies.Jennifer Lopez has the work ethic of 100 people, 15 horses, three donkeys, and me after two cans of sugar-free Red Bull. That’s why she needs to dance with a cane: She’s a lot of woman to support! Hopping
Simply Wall St.
With 46% stake, Pentamaster Corporation Berhad (KLSE:PENTA) seems to have captured institutional investors' interest
Key Insights Given the large stake in the stock by institutions, Pentamaster Corporation Berhad's stock price might be...
Associated Press
Arriaga, Oluwaseyi lead Minnesota United over Atlanta United 2-1
Kervin Arriaga and Tani Oluwaseyi scored six minutes apart in the second half and Minnesota United held on for a 2-1 victory over Atlanta United on Saturday night. Arriaga ended a scoreless match in the 54th minute with his first goal of the season for Minnesota United (6-2-2). Arriaga scored in his second start and fifth appearance off an assist from Joseph Rosales.
GlobeNewswire
Churchill Downs Incorporated and NBC Sports Extend Historic Partnership
Kentucky Derby to be Presented on NBC and Peacock through 2032LOUISVILLE, Ky., May 04, 2024 (GLOBE NEWSWIRE) -- Churchill Downs Incorporated (Nasdaq: CHDN) ("CDI") announced today that NBC Sports will continue to host the Kentucky Derby on NBC and Peacock through 2032. CDI’s partnership with NBC Sports began in 2001. This multi-year partnership extension will make NBC the first media company to present the most prestigious event in horse racing for over three decades. “As we celebrate the 150th
Reuters
UPDATE 1-UAW workers ratify US labor deal with Daimler Truck
Members of the United Auto Workers on Saturday ratified a new labor contract with Daimler Truck that includes at least a 25% general wage increase over the four-year deal. The vote was 94.5% in favor of the new contract, which covers more than 7,300 hourly UAW workers after a tentative agreement was reached in late April, averting a strike at the 11th hour. The contract covers hourly workers at six facilities in southern states where unionization has traditionally been low, including four factories in North Carolina and parts warehouses in Georgia and Tennessee.
Associated Press
Kentucky Derby victory aboard Mystik Dan provides signature win for jockey Brian Hernandez Jr.
Brian Hernandez Jr. will need a minute to digest his signature victory in the 150th Kentucky Derby. Maybe even more time since the milestone derby capped the best weekend of a jockey career spent mostly under the radar. The Louisiana native rode Mystik Dan to an epic win Saturday at Churchill Downs, sliding past favorite Fierceness along the rail at the final turn and holding off Sierra Leone and Forever Young by a nose in an epic three-horse photo finish.
GlobeNewswire
Mystik Dan Wins the Historic 150th Running of the Kentucky Derby Presented by Woodford Reserve
New All-Time Handle Record Set for the Kentucky Derby Race, Kentucky Derby Day Program, and Kentucky Derby Week RacesLOUISVILLE, Ky., May 04, 2024 (GLOBE NEWSWIRE) -- Churchill Downs Incorporated (Nasdaq: CHDN) (the “Company”, “CDI”) announced today that a jubilant crowd of nearly 157,000 Derby fans gathered at Churchill Downs Racetrack (“Churchill Downs”) to celebrate and witness Mystik Dan claim the Garland of Roses at the 150th running of the Kentucky Derby presented by Woodford Reserve at 18
Yahoo Lifestyle
Mum-to-be sparks debate online after exposing restaurant’s ‘messed up’ mistake: ‘It's not right'
The restaurant's bold assumption has divided the internet. Read more to see what a doctor had to say.
People
Jewel Wears Second Show-Stopping Gown at Her Art Exhibit Preview — See the Ethereal Look
The singer donned two dresses that looked like works of art at the preview of her exhibition, The Portal: An Art Experience by Jewel, on May 3
Associated Press
Luciano Acosta scores for 3rd consecutive game, Cincinnati beats Orlando City 1-0
Luciano Acosta scored a goal for the third consecutive game and Roman Celentano had two saves to help FC Cincinnati beat Orlando City 1-0 on Saturday night. The 23-year-old Celentano has four shutouts this season. Cincinnati (6-2-3), has won three consecutive games following back-to-back losses to the New York Red Bulls and Montreal.
Simply Wall St.
Chin Hin Group Berhad's (KLSE:CHINHIN) biggest owners are private companies who got richer after stock soared 26% last week
Key Insights The considerable ownership by private companies in Chin Hin Group Berhad indicates that they collectively...
The Daily Beast
Stylist Icon Law Roach Listens to Critics. Just Don’t Come for Zendaya.
Photo Illustration by Luis G. Rendon/The Daily Beast/Getty ImagesLaw Roach is no stranger to controversial looks. Whether the renowned celebrity stylist and image architect is showing up bulge-first to the 2023 CFDA awards or dressing his longtime client Zendaya in ostentatious tennis couture for her Challengers press tour, Roach is unafraid of risk on the red carpet. That confident conviction extends to his larger body of work, too. Last year, Roach shocked the fashion and entertainment industr
Associated Press
Status quo for the leading four teams in Super Rugby Pacific after 11 rounds
Super Rugby Pacific’s playoff race changed only marginally in the weekend’s 11th round as the pacemakers showed few signs of faltering and the others jostled to keep up. Behind them, the Queensland Reds moved up to fifth with a win over the defending champion Crusaders, the Melbourne Rebels dropped back to sixth after losing to the Blues, the Dunedin, New Zealand-based Highlanders are in seventh place after a win over Moana Pasifika in the first Super Rugby match played in Tonga, and the Fijian Drua hung on to remain in the top eight. Moana Pasifika is now three points behind the Drua in ninth place, the Christchurch-based Crusaders are a further point back in 10th, the New South Wales Waratahs are a full five points behind the Drua in 11th and the last-place Western Force are all but out of the race.
The Hill
Trump campaign says it raised $76 million last month
Former President Trump and the Republican National Committee (RNC) raised over $76 million last month, according to a campaign official. Trump’s advisers, Susie Wiles, Chris LaCivita and Tony Fabrizio, shared that the former president’s political operation is projected to have raked in $76.2 million in April, the official confirmed. The expected haul, first reported by…
People
13-Year-Old Girl Allegedly Attacked by Classmate and Their Mother on a School Bus in Texas
A middle school student in Denton says she was attacked by a classmate and her mother as she rode the bus home from school on April 23
Associated Press
Quick start sends Earthquakes to 3-1 victory over LAFC
Rodrigues gave San Jose the lead in the 5th minute and the Earthquakes never looked back in a 3-1 victory over Los Angeles FC at Levi's Stadium on Saturday night. San Jose (2-8-1), which ended a five-match unbeaten run, jumped out to a 1-0 lead on defender Rodrigues' second goal of the season. Cristian Espinoza notched his sixth assist on Rodrigues' header from the center of the box to the bottom right corner of the net off a corner kick.
BBC
Northern Ireland: Why Brexit isn't 'done' for some
Events this week show that Brexit will keep rearing its head, writes economics editor John Campbell.

NZX 50

NZD/USD

NZD/EUR

ALL ORDS

ASX 200

OIL

GOLD

NASDAQ

FTSE

Dow Jones

DAX

Hang Seng

NIKKEI 225

NZD/JPY

2022 US Payment Card Industry (PCI) Data Security Audit Program: PCI Standard, Sarbanes-Oxley Sections 103a, 302, 404, 409, 801a and 802 for Security and Retention of Data Compliant

Latest stories

Dow Jones Futures: Stock Market Makes Bullish Move, Nvidia In Buy Area; Palantir, These AI Plays On Tap

Lowe has 4 hits as Rangers beat Royals 15-4

Lionel Messi smashes MLS and personal records with goal, 5 assists in a single half

J.Lo’s Career Identity Crisis Needs a New ‘Monster-in-Law’

With 46% stake, Pentamaster Corporation Berhad (KLSE:PENTA) seems to have captured institutional investors' interest

Arriaga, Oluwaseyi lead Minnesota United over Atlanta United 2-1

Churchill Downs Incorporated and NBC Sports Extend Historic Partnership

UPDATE 1-UAW workers ratify US labor deal with Daimler Truck

Kentucky Derby victory aboard Mystik Dan provides signature win for jockey Brian Hernandez Jr.

Mystik Dan Wins the Historic 150th Running of the Kentucky Derby Presented by Woodford Reserve

Mum-to-be sparks debate online after exposing restaurant’s ‘messed up’ mistake: ‘It's not right'

Jewel Wears Second Show-Stopping Gown at Her Art Exhibit Preview — See the Ethereal Look

Luciano Acosta scores for 3rd consecutive game, Cincinnati beats Orlando City 1-0

Chin Hin Group Berhad's (KLSE:CHINHIN) biggest owners are private companies who got richer after stock soared 26% last week

Stylist Icon Law Roach Listens to Critics. Just Don’t Come for Zendaya.

Status quo for the leading four teams in Super Rugby Pacific after 11 rounds

Trump campaign says it raised $76 million last month

13-Year-Old Girl Allegedly Attacked by Classmate and Their Mother on a School Bus in Texas

Quick start sends Earthquakes to 3-1 victory over LAFC

Northern Ireland: Why Brexit isn't 'done' for some