# PCI DSS Compliance Dashboard

Payment Card Industry Data Security Standard

Scope: Global | Version: PCI DSS v4.0 | Domain: Security

## Overview

PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data. It applies to all entities that store, process, or transmit cardholder data.

## Controls

### PCI-C001: Network Security Controls
- Requirement: Install and maintain network security controls
- Automated: Yes
- Evidence: Firewall configurations, network diagrams
### PCI-C002: Data Encryption
- Requirement: Protect stored account data with strong cryptography
- Automated: Yes
- Evidence: Encryption audit, key rotation logs
### PCI-C003: Vulnerability Management
- Requirement: Protect systems and networks from malicious software
- Automated: Yes
- Evidence: Vulnerability scan reports, patch management logs
### PCI-C004: Access Restriction
- Requirement: Restrict access to system components and cardholder data
- Automated: Yes
- Evidence: Access control lists, authentication logs
## Compliance Gates
| Gate | Control Ref | Requirement | Status |
|---|---|---|---|
| PCI-G001 | PCI-C001 | Firewall rules reviewed bi-annually | |
| PCI-G002 | PCI-C002 | Encryption meets minimum key lengths | |
| PCI-G003 | PCI-C003 | Quarterly vulnerability scans completed | |
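Each control above is marked "Automated: Yes", so the gate statuses in this table are meant to be computed from evidence rather than filled in by hand. The following script is an added example, not part of the dashboard or any project code, showing one way to evaluate the three gates from a constructed evidence set and emit the table with its Status column populated. It assumes things the page does not state: evidence is a simple record with an observation date (and, for keys, an algorithm and key length), "bi-annually" maps to a 182-day window and "quarterly" to a 91-day window, and "minimum key lengths" means AES of at least 128 bits and RSA of at least 2048 bits. All of those thresholds are assumptions to be aligned with your own cryptography standard.

```python
"""Gate evaluator for the PCI DSS dashboard (added example, not the page's own code).

Assumptions (not stated on the page): cadence windows of 182 days for the
bi-annual firewall review and 91 days for quarterly scans, and minimum key
lengths of AES >= 128 bits and RSA >= 2048 bits.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed cadence windows for the time-based gates on the page.
GATE_WINDOWS = {
    "PCI-G001": timedelta(days=182),  # firewall rules reviewed bi-annually
    "PCI-G003": timedelta(days=91),   # quarterly vulnerability scans
}

# Assumed minimum key lengths in bits, keyed by algorithm name.
MIN_KEY_BITS = {"AES": 128, "RSA": 2048}

# Gate rows exactly as they appear in the dashboard table.
GATES = [
    ("PCI-G001", "PCI-C001", "Firewall rules reviewed bi-annually"),
    ("PCI-G002", "PCI-C002", "Encryption meets minimum key lengths"),
    ("PCI-G003", "PCI-C003", "Quarterly vulnerability scans completed"),
]


@dataclass
class Evidence:
    control: str
    kind: str          # "firewall_review", "asv_scan" or "key"
    observed: date
    algorithm: str = ""
    key_bits: int = 0


def cadence_ok(evidence, kind, window, today):
    """True when at least one record of `kind` was observed within `window` of `today`.
    No evidence at all fails closed."""
    return any(e.kind == kind and today - e.observed <= window for e in evidence)


def key_lengths_ok(evidence):
    """True when every key record meets the assumed minimum for its algorithm.
    Unknown algorithms and an empty key inventory both fail closed."""
    keys = [e for e in evidence if e.kind == "key"]
    if not keys:
        return False
    return all(e.key_bits >= MIN_KEY_BITS.get(e.algorithm, float("inf")) for e in keys)


def evaluate_gates(evidence, today):
    """Return {gate_id: 'PASS' | 'FAIL'} for the three gates on the page."""
    results = {
        "PCI-G001": cadence_ok(evidence, "firewall_review", GATE_WINDOWS["PCI-G001"], today),
        "PCI-G002": key_lengths_ok(evidence),
        "PCI-G003": cadence_ok(evidence, "asv_scan", GATE_WINDOWS["PCI-G003"], today),
    }
    return {gate: "PASS" if ok else "FAIL" for gate, ok in results.items()}


def render_gate_table(status):
    """Render the dashboard's Compliance Gates table with the Status column filled in."""
    lines = ["| Gate | Control Ref | Requirement | Status |", "|---|---|---|---|"]
    for gate, control, requirement in GATES:
        lines.append(f"| {gate} | {control} | {requirement} | {status[gate]} |")
    return "\n".join(lines)


# Constructed sample evidence (not real audit data); RSA-1024 is deliberately short.
SAMPLE_EVIDENCE = [
    Evidence("PCI-C001", "firewall_review", date(2024, 1, 10)),
    Evidence("PCI-C002", "key", date(2024, 3, 1), "AES", 256),
    Evidence("PCI-C002", "key", date(2024, 3, 1), "RSA", 1024),
    Evidence("PCI-C003", "asv_scan", date(2024, 5, 20)),
]
SAMPLE_TODAY = date(2024, 6, 30)

if __name__ == "__main__":
    print(render_gate_table(evaluate_gates(SAMPLE_EVIDENCE, SAMPLE_TODAY)))
```

With the constructed evidence, G001 and G003 pass (172 and 41 days old respectively, inside their windows) while G002 fails because of the 1024-bit RSA key. The two fail-closed choices matter for a dashboard: a gate with no evidence at all, or a key whose algorithm is not in the policy table, reports FAIL rather than silently passing.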
## Metrics
| Metric | Target | Source | Trend |
|---|---|---|---|
| Vulnerability remediation rate | 100% within SLA | vuln_scanner | Improving |
| Encryption coverage | 100% | crypto_audit | Stable |
| Access review completion | 100% quarterly | access_system | Improving |
## Recommended Actions
- Complete quarterly ASV vulnerability scans
- Review and update firewall rules
- Conduct annual penetration testing