PCI DSS comprises 12 requirements for protecting account data:

1.0: Install and maintain a firewall configuration to protect cardholder data.

2.0: Do not use vendor-supplied defaults for system passwords and other security parameters.

3.0: Protect cardholder data.

4.0: Encrypt transmission of cardholder data across open, public networks.

5.0: Use and regularly update anti-virus software and programs.

6.0: Develop and maintain secure systems and applications.

7.0: Restrict access to cardholder data by business need to know.

8.0: Assign a unique ID to each person with computer access.

9.0: Restrict physical access to cardholder data.

10.0: Track and monitor all access to network resources and cardholder data.

11.0: Regularly test security systems and processes.

12.0: Maintain a policy that addresses information security for all personnel.

Investment & Treasury Operations Office

152 Maple Street
Marble Works, Suite 102
Middlebury College
Middlebury, VT 05753
Phone: 802-443-5751