Order and Download PCI Compliance Policies for Requirement 3

PCI compliance policies are a vital ingredient for any merchant, service provider or other entity needing to comply with the Payment Card Industry Data Security Standards (PCI DSS) mandates as put forth by the Payment Card Industry Security Standards Council (PCI SSC).

Requirement 3, "Protect Stored Cardholder Data", requires PCI compliance policies for the following areas:

Organizations quickly realize that developing PCI compliance policies for Requirement 3 takes considerable time and effort. These specific policy and procedure requirements are not easy to write: it takes time to learn how to produce documentation that is correct in grammar and content and that covers every essential item. A data retention and disposal policy must address a number of items before it can be considered a credible document. The same applies to documented PCI compliance policies for displaying and protecting the Primary Account Number (PAN). Similarly, the key management procedures used for encrypting cardholder data must address the following requirements of the Payment Card Industry (PCI) Data Security Standard (DSS):

  1. Generation of strong keys.
  2. Secure key distribution.
  3. Secure key storage.
  4. Periodic key changes at least annually.
  5. The retirement of old keys (for example: archiving, destruction, and revocation as applicable).
  6. The replacement of known or suspected compromised keys.
  7. Split knowledge and dual control of keys (for example, requiring two or three people, each knowing only their own part of the key, to reconstruct the whole key).
  8. The prevention of unauthorized substitution of keys.
  9. A requirement that key custodians sign a form acknowledging that they understand and accept their key custodian responsibilities.
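Items 7 and 8 above are the ones most often misunderstood, so here is an added illustration (not from this page or its policy manual) of split knowledge and dual control using XOR key components: each custodian holds one component, no component or partial set reveals anything about the key, and reconstruction fails unless every required custodian takes part. The custodian names, the 256-bit key size and the truncated-SHA-256 check value are assumptions made for the example.

```python
import hashlib
import secrets
from typing import Dict, List

KEY_BYTES = 32  # constructed example: a 256-bit data-encrypting key


def split_key(key: bytes, custodians: List[str]) -> Dict[str, bytes]:
    """Return one XOR component per custodian (split knowledge).
    All but the last component are fresh random bytes; the last is chosen so
    the XOR of every component equals the key. Any subset smaller than the
    full set is statistically random, so it leaks nothing about the key."""
    if len(custodians) < 2:
        raise ValueError("split knowledge needs at least two custodians")
    parts = {name: secrets.token_bytes(len(key)) for name in custodians[:-1]}
    last = bytes(key)
    for part in parts.values():
        last = bytes(a ^ b for a, b in zip(last, part))
    parts[custodians[-1]] = last
    return parts


def combine_components(parts: Dict[str, bytes], required: List[str]) -> bytes:
    """Reconstruct the key under dual control: every required custodian must
    present a component or the key ceremony is refused outright."""
    missing = [name for name in required if name not in parts]
    if missing:
        raise PermissionError(f"key ceremony incomplete, missing: {missing}")
    key = bytes(len(parts[required[0]]))  # all-zero start value
    for name in required:
        key = bytes(a ^ b for a, b in zip(key, parts[name]))
    return key


def key_check_value(key: bytes) -> str:
    """Short value for confirming a correct reconstruction without exposing the
    key (assumption: truncated SHA-256; HSMs commonly use an AES-based KCV)."""
    return hashlib.sha256(key).hexdigest()[:6]


def demo_ceremony(custodians=("alice", "bob", "carol")) -> dict:
    """One split/reconstruct cycle; returns the properties a reviewer would check."""
    names = list(custodians)
    key = secrets.token_bytes(KEY_BYTES)
    parts = split_key(key, names)
    rebuilt = combine_components(parts, names)
    partial = {k: v for k, v in parts.items() if k != names[-1]}
    try:
        combine_components(partial, names)  # one custodian absent
        enforced = False
    except PermissionError:
        enforced = True
    return {"reconstructed": rebuilt == key,
            "kcv_matches": key_check_value(rebuilt) == key_check_value(key),
            "no_component_is_key": all(p != key for p in parts.values()),
            "dual_control_enforced": enforced}
```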

If you want to learn more about PCI compliance policies, then view the table of contents today.

Merchants and service providers quickly see the time and effort needed to write and develop PCI compliance policies. The quick and easy solution is to order the Payment Card Industry Data Security Standards (PCI DSS) Information Security Policy & Procedures Manual from pcipolicyportal.com, the most comprehensive set of PCI compliance policies.