IT-13 Standard for Testing of Networks Processing Cardholder Data



Purpose

This document establishes a formal testing standard and outlines the related requirements specified in the Payment Card Industry Data Security Standard (PCI DSS) that must be implemented in all University of Maryland (UMD) network infrastructures that process cardholder data.


Additional authority

The following standards help guide the content of this document: Payment Card Industry Data Security Standard - Requirement 11.


Scope

This standard applies to all UMD network infrastructures that transmit and process cardholder data. PCI DSS defines the following data elements as cardholder data.


Standard

Testing must be performed on networks that process cardholder data to ensure that the technical security controls in place are functioning properly and protecting against the most current vulnerabilities. Additionally, testing networks can assist with discovering security vulnerabilities and potential compromises. The requirements specified in this standard detail the network testing that must be performed to be compliant with PCI DSS.

NOTE: As a general rule, every PCI Standard should be reviewed annually and updated as needed to reflect changes to business objectives or the risk environment.


Requirements
