PCI Requirement 12.1 & 12.1.1 – Establish, Publish, Maintain, and Disseminate a Security Policy
PCI v4.0 - 12.1.2: Review and Update Your Information Security Policy Regularly
PCI v4.0 - 12.1.1: Have and Utilize an Information Security Policy
PCI v4.0 - 12.1.3: Ensure Your Information Security Policy Defines Roles and Responsibilities
PCI Requirement 12: Maintain a Policy that Addresses Information Security for All Personnel
PCI v4.0 - 12.1.4: Formally Assign Information Security Responsibility to a CISO
PCI Requirement 12.6.1 – Educate Personnel Upon Hire and at Least Annually
PCI Requirement 12.7 – Screen Personnel Prior to Hire to Minimize the Risk of Attacks
PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems
The Importance of Publishing an Information Security Policy
PCI Requirement 12.10.1 – Create the Incident Response Plan to Be Implemented
PCI Requirement 12.8 & 12.8.1 – Manage Service Providers with Cardholder Data Access
PCI Requirement 12.11.1 – Maintain Documentation of Quarterly Review Process
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI Requirement 12.2 – Implement a Risk Assessment Process
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 12.10 – Implement an Incident Response Plan
PCI Requirement 8.1.8 – Require Re-Authentication After 15 Minutes of Inactivity
Update Your Policy When Your Environment Changes
PCI Requirement 12.5 – Assign Information Security Management Responsibilities to a Team
