Understanding Payment Card Industry Data Security Standard (PCI DSS) Policies and Controls



Any University unit that collects credit card information must have security controls in place that comply with the Payment Card Industry Data Security Standard ("PCI"). These security controls include:

  • Must be protected behind an Enterprise Network Firewall. 

  • Encrypt and protect cardholder data when either stored or transmitted. 

  • Identify and protect systems from security vulnerabilities. 

  • Implement strong access control measures that restrict access to credit card data. 

  • Monitor and test networks to ensure the integrity and confidentiality of credit card data is maintained.

  • Maintain an information security policy that addresses security controls and procedures.

If you have questions about complying with PCI, please call the Technology Help Desk at 412-624-HELP (4357).


Print Article


Article ID: 78
Tue 7/18/23 2:16 PM
Thu 6/13/24 11:22 AM

Related Services / Offerings (1)

SECURITY CONSULTING AND EDUCATION Pitt IT Security will recommend appropriate data-protection controls through security consultation and risk assessments.