Frequently Asked Question
How does the Prioritized Approach work?
The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the PCI DSS; rather, it can help to identify the quickest path a non-compliant entity can take to reduce risk to cardholder data.
The Prioritized Approach focuses on six security milestones to incrementally protect against the highest risk factors and escalating threats. The milestones are structured around six core best practices, as follows:
The Prioritized Approach focuses on six security milestones to incrementally protect against the highest risk factors and escalating threats. The milestones are structured around six core best practices, as follows:
- Milestone One: If you don’t need it, don’t store it.
- Milestone Two: Secure the perimeter.
- Milestone Three: Secure applications.
- Milestone Four: Control access to your systems.
- Milestone Five: Protect stored cardholder data
- Milestone Six: Finalize your compliance efforts, and ensure all controls are in place.
November 2012
Article Number: 1170
