Today is May 16, 2012
Payment Card Industry (PCI) Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of technical and operational requirements, published by the PCI Security Standards Council (PCI SSC), for protecting cardholder data. The standard applies to every organization that stores, processes, or transmits cardholder data; the Council also publishes related guidance for software developers and for manufacturers of the applications and devices used in those transactions.
Compliance is mandatory for every agency that accepts major payment cards, whether the cards are accepted through Point-of-Sale devices or through online applications. Outsourcing these services to a third-party vendor does not transfer the obligation: the agency remains responsible for verifying and documenting that the vendor's handling of cardholder data is PCI compliant.
The State of Mississippi selected Coalfire Systems to assist agencies in verifying, attaining, and maintaining PCI Compliance. Please see the RFP 3532 Instructions for Use Memo to procure services from Coalfire Systems.
Coalfire, DFA, and ITS led a workshop in January 2009 outlining the steps an agency must take to certify its applications, networks, and/or devices as PCI compliant. The workshop gave a high-level overview of the requirements and general information on how the State of Mississippi will implement the program. The material presented at the workshop is posted below.
The PCI SSC web site provides general information on PCI compliance, including access to the Self-Assessment Questionnaire (SAQ) and information on formal PCI compliance assessments (audits).
More information will be posted in the coming months regarding specific next steps an agency must take. For more information in the meantime, please feel free to contact DFA or ITS.