PCI DSS v4.0.1
Payment Card Industry Data Security Standard version 4.0.1. A global security standard designed to protect cardholder data and reduce payment card fraud through technical and operational controls across six domains and twelve core requirements.
Framework Domains (6)
This framework is organized into six domains covering twelve controls in total.
Domain 1: Build and Maintain a Secure Network and Systems
Establish and maintain network security controls (NSCs) and apply secure configurations to all system components to protect the cardholder data environment.
Domain 2: Protect Account Data
Protect stored account data using strong controls and encrypt cardholder data during transmission over open, public networks to prevent unauthorized access.
Domain 3: Maintain a Vulnerability Management Program
Protect all systems and networks from malicious software, and develop and maintain secure systems and software to prevent exploitation of vulnerabilities.
Domain 4: Implement Strong Access Control Measures
Restrict access to system components and cardholder data by business need to know, uniquely identify all users with authentication, and restrict physical access to cardholder data.
Domain 5: Regularly Monitor and Test Networks
Log and monitor all access to network resources and cardholder data, and regularly test security systems and processes to ensure the environment is protected.
Domain 6: Maintain an Information Security Policy
An information security policy sets the direction for an entity's approach to managing information security across the enterprise and helps establish a culture of security within the organization.