
Legal Regulations and Compliance for PCI DSS

   

Added on  2023-06-03

Running head: LEGAL REGULATIONS AND COMPLIANCE
LEGAL REGULATIONS AND COMPLIANCE
Name of student:
Name of university:
Author’s note:

Lab report file
Task 4
PCI DSS is a standard. A standard is a document approved by a recognised body (for PCI DSS, the PCI Security Standards Council) that provides, for common and repeated use, rules, guidelines or characteristics for products or for related processes and production methods, and with which compliance is not compulsory in law. It may also include, or deal exclusively with, terminology, symbols, packaging, marking or labelling requirements as they apply to a product, process or production method. In practice, PCI DSS compliance is enforced contractually by the card brands and acquiring banks on merchants and service providers, not by statute.
A standard describes the characteristics of a product, service, material, process or interface. It can take several forms: a definition of terms; a description of design and construction; a specification of procedures; or performance criteria against which a product or process can be measured. Product standards and process standards may serve different particular functions. Standardisation provides a basis for technical and trade agreements and for technical regulations.
A law (technical regulation) is a document issued by a government that lays down the characteristics of a product or its related processes and production methods, including the applicable administrative provisions, and with which compliance is mandatory. It may also include, or deal exclusively with, terminology, symbols, packaging, marking or labelling requirements as they apply to a product, process or production method. No consensus is required for a regulation to be established.
The main difference between a standard and a technical regulation lies in compliance: conformity with a standard is voluntary, whereas compliance with a law is mandatory.

PCI DSS specifies twelve requirements for compliance, organised into six logically related groups called control objectives. The six groups are as follows:
1. Build and maintain a secure network and systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
Each version of PCI DSS has divided these requirements into sub-requirements in its own way, but the twelve high-level requirements have not changed since the standard was first introduced. Every requirement is broken down into further sections:
1. Requirement statement: the main description of the requirement. Compliance with PCI DSS is assessed against the specific implementation of this requirement.
2. Testing procedures: the processes and methods the assessor carries out to confirm that the requirement has been properly implemented.
3. Guidance: explains the core purpose of the requirement and provides content that helps to define the requirement properly.
The twelve requirements for building and maintaining secure networks and systems can be summarised as:
