Frequently Asked Question

How does the Prioritized Approach work?
The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the PCI DSS; rather, it can help to identify the quickest path a non-compliant entity can take to reduce risk to cardholder data.
The Prioritized Approach focuses on six security milestones to incrementally protect against the highest risk factors and escalating threats. The milestones are structured around six core best practices, as follows:
The Prioritized Approach focuses on six security milestones to incrementally protect against the highest risk factors and escalating threats. The milestones are structured around six core best practices, as follows:
- Milestone One: If you don’t need it, don’t store it.
- Milestone Two: Secure the perimeter.
- Milestone Three: Secure applications.
- Milestone Four: Control access to your systems.
- Milestone Five: Protect stored cardholder data
- Milestone Six: Finalize your compliance efforts, and ensure all controls are in place.
November 2012
Article Number: 1170
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?