PCI DSS and PA-DSS v3.0 officially released
Published 11 November 2013 (last updated 9 August 2024)

7 November 2013 – The Payment Card Industry Security Standards Council (PCI SSC) has released version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). The new standards can be downloaded from the PCI SSC website. Version 3.0 takes effect on 1 January 2014; version 2.0 remains valid until 31 December 2014, so that assessed entities have sufficient time to transition to the new version.

In line with the PCI DSS and PA-DSS development lifecycle and with feedback from the global payment industry, the standards go through a formal revision every three years. Version 3.0 gives organizations more flexibility and places greater emphasis on education, awareness and security as a shared responsibility (for example with third parties), with the goal of making payment security part of business as usual.

The changes in the new version include specific recommendations for building PCI DSS into day-to-day business processes and best practices so that compliance is maintained continuously; an updated edition of Navigating PCI DSS, one of the standard's guidance documents; and enhanced testing procedures that clarify the level of assessment expected for each requirement.

The new requirements include the following items (quoted from the English original):

PCI DSS
Req. 5.1.2 – evaluate evolving malware threats for any systems not considered to be commonly affected
Req. 8.2.3 – combined minimum password complexity and strength requirements into one, and increased flexibility for alternatives
Req. 8.5.1 – for service providers with remote access to customer premises, use unique authentication credentials for each customer *
Req. 8.6 – where other authentication mechanisms are used (for example, physical or logical security tokens, smart cards, certificates, etc.), these must be linked to an individual account and ensure only the intended user can gain access
Req. 9.3 – control physical access to sensitive areas for onsite personnel, including a process to authorize access, and revoke access immediately upon termination
Req. 9.9 – protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution *
Req. 11.3 and 11.3.4 – implement a methodology for penetration testing; if segmentation is used to isolate the cardholder data environment from other networks, perform penetration tests to verify that the segmentation methods are operational and effective *
Req. 11.5.1 – implement a process to respond to any alerts generated by the change-detection mechanism
Req. 12.8.5 – maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity
Req. 12.9 – for service providers, provide the written agreement/acknowledgment to their customers as specified at requirement 12.8.2 *

* Requirements marked with an asterisk were designated best practices until 30 June 2015, after which they became mandatory.

PA-DSS
Req. 5.1.5 – payment application developers to verify integrity of source code during the development process
Req. 5.1.6 – payment applications to be developed according to industry best practices for secure coding techniques
Req. 5.4 – payment application vendors to incorporate versioning methodology for each payment application
Req. 5.5 – payment application vendors to incorporate risk assessment techniques into their software development process
Req. 7.3 – application vendor to provide release notes for all application updates
Req. 10.2.2 – vendors with remote access to customer premises (for example, to provide support/maintenance services) use unique authentication credentials for each customer
Req. 14.1 – provide information security and PA-DSS training for vendor personnel with PA-DSS responsibility at least annually

A more detailed summary of the changes to both standards is available on the PCI SSC website.

atsec will hold a comprehensive PCI DSS training course in Shenzhen on 12 and 13 December, with particular attention to an introduction to PCI DSS v3.0 and an analysis of the impact of the changes. For course details see the atsec PCI training brochure.

About atsec information security
atsec information security (www.atsec.com) is an independent, standards-based IT security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. Founded in Munich, Germany, in 2000, atsec conducts extensive international business through its offices in the United States, Germany, Sweden and China. Its services include formal laboratory testing and evaluation, independent testing and evaluation, and information security consulting.

atsec provides services under the PCI SSC programs and is a Qualified Security Assessor (QSA) company able to deliver assessment services for both PCI DSS and PA-DSS. atsec China is currently the only neutral information security assessment body in China to hold PCI SSC QSA, ASV and PA-QSA qualifications as an independent entity. atsec's penetration testing, application security, Approved Scanning Vendor (ASV) services and information security consulting services provide strong support for its assessment work. atsec is an independent company and has no commercial relationship with any product vendor.

atsec provides cryptographic module and algorithm testing services under the Cryptographic Module Validation Program operated by the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC). atsec also provides formal testing under the NIST Personal Identity Verification Program (NPIVP), the Cryptographic Algorithm Validation Program (CAVP) and the Security Content Automation Protocol (SCAP) Validation Program, as well as product approval testing under the GSA FIPS 201 Evaluation Program.

atsec is willing to work with any company, regardless of size, that takes IT security seriously.