The Security Standards Council of the Payment Card Industry (PCI) owns and maintains a rigorous set of requirements known as the Data Security Standard (DSS) that all merchants, payment processors, point of sale vendors, and financial institutions must follow. Since the core concern of PCI is the protection of cardholder data, these requirements focus on user access to the servers that host this data, or through which such data passes.
PCI DSS is one of the most prescriptive industry standards and provides a wide variety of security controls organizations need to establish to become and stay compliant. The PCI DSS 3.2.1 consists of 12 requirements spread across six domains. This white paper examines each of the requirements and explores how organizations can improve their compliance posture with Centrify Identity-Centric Privileged Access Management.