Core Principles of PCI DSS Framework
As stated by the Payment Card Industry (PCI) Security Standards Council (SSC):
"The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data."
The core principles of the PCI DSS framework consist of twelve (12) Payment Card Industry (PCI) Data Security Standard (DSS) requirements, organized under six (6) functional areas, commonly known as “Control Objectives”. Each functional area, or control objective, has specific requirements that must be initiated, in place and undertaken to meet the overall objective of PCI DSS. It's important to note that PCI DSS, though specific and granular in its requirements, is not a one-size-fits-all approach.
Different entities involved in the processing, storage, or transmission of transaction data or cardholder data will invariably have different requirements and benchmarks to meet, based on a number of parameters, such as transaction processing volume and other factors taken into consideration for PCI DSS compliance.
Author: Charles Denyer