7/29/2019 WP Database Security for PCI Compliance

1/13

SecurityStandards Council

Database Security or PCI ComplianceThe Payment Card Industry Data Security Standard (PCI DSS) sets orth security

requirements or organizations that store, process, and/or transmit credit card

transactions. To meet these data security requirements, organizations need to

implement complex processes that oten turn into a costly burden.

Designed or auditors, security proessionals, and database administrators, this

paper analyzes PCI compliance challenges and outlines applicable solutions. This

paper ocuses on the key PCI DSS requirements that impact database security:

PCI Requirement 10:Track and monitor all access to network resourcesand cardholder data

PCI Requirement 8.5.5:Remove and/or disable inactive user accounts

at least every 90 days

PCI Requirement 7:Limit access to cardholder data by business

need-to-know

PCI Requirement 6.1:Ensure all system components and software are

protected from known vulnerabilities by installing the latest vendor-supplied

security patches

Data in Scope:Identify, and track, all locations of cardholder data

C

omplia

nce

Organizations that process or store cardholder data are

obligated to secure it to minimize their fnancial exposure

to a data breach and maintain customer trust in their

ability to securely transact business.

7/29/2019 WP Database Security for PCI Compliance

2/13