This section is a work in progress and should be finished shortly.
*This section is adapted from the PCI DSS books.
The body of the program aligns much more closely with requirements 1 through 11 of PCI DSS than with the governance requirements, but I will still split out a few other categories.
The first 11 requirements are:
- Requirement 1 - Firewalls - Isolating the Cardholder Data Environment (CDE)
- Requirement 2 - Hardening
- Requirement 3 - Storage of Cardholder Data
- Requirement 4 - Transmission of Cardholder Data
- Requirement 5 - Antivirus / Antimalware
- Requirement 6 - Vulnerabilities, Patching, Change Control, and Software and Web Development
- Requirement 7 - Need to Know
- Requirement 8 - Authentication
- Requirement 9 - Physical Security
- Requirement 10 - Logging & Monitoring (Audit Trails)
- Requirement 11 - Testing
I also use the following categories: