PCI Requirement 12.5.1 – Establish, Document, and Distribute Security Policies and Procedures
PCI v4.0 - 12.5.1: Maintain an Inventory of System Components That Are in Scope
PCI Requirement 12.5.4 – Administer User Accounts, Including Additions, Deletions, and Modifications
PCI Requirement 2.1 - Always Change Vendor-Supplied Defaults
PCI Requirement 9.5 – Physically Secure all Media
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 10.8.1 –Respond to Failures of Any Critical Security Controls in a Timely Manner
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 9.8.1 – Shred Hard-Copy Materials so CHD Cannot be Reconstructed
PCI Requirement 2.4 - Maintain an Inventory of In-Scope System Components
PCI DSS Requirement 1.2.2 Secure and Synchronize Router Configuration Files
PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security
PCI Requirement 3.1 - Keep Cardholder Data Storage to a Minimum
PCI DSS Requirement 1.1.7 - Review Firewall and Router Rule Sets
PCI Requirement 12.8.2 - Service Providers are Responsible for the Security of Cardholder Data
PCI DSS Requirement 1.2 Restrict Connections to Untrusted Networks
PCI Requirement 6.7 – Ensure Policies & Procedures for Systems Are Documented, in Use & Known