PCI DSS v1.2, October 2008
Copyright 2008 PCI Security Standards Council LLC
2008 10 1 1.2 PCI DSS v1.2 v1.1
12 (PCI DSS)
PCI DSS PCI DSS
(SAQ) PCI DSS PCI
DSS v1.2
PCI DSS
WebProxy
(NTP)
(DNS)
(QSA)
PCI DSS
PCI SSC
https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf
(PAN)
PAN
PCI DSS 3 4
3
CAV2/CVC2/CVV2/CID
2
PIN/PIN
1
PAN PCI DSS
PAN
PCI DSS
2
3
() 4
5
PIN 6
6
/
PIN
1 2
( 1 2)
1 2
1 2
1 2
79
40
PCI
3
4
5
6
7
8 ID
9
10
11
12
1 2
1
1.1
1.1.1
1.1.2
PCI DSS
1.1.4
1.1.5
1.1.6
1.2.1
IP
1.2.2
1.2.3
1.3.1 DMZ
1.3.2 DMZ IP
IP
1.3.3
DMZ
( Web )
1.3.4
DMZ
IP
IP
1.3.5
DMZ IP
DMZ
DMZ
DMZ
1.3.6
1.3.7 DMZ
DMZ
(NAT)
(PAT)
IP
IP
IP IP
1.4
/
/ rootkit ()
2.1
(SNMP)
2.1.1
SNMP
802.11x (WEP)
( WPA/WPA2)
2.2
www.nist.gov, www.sans.org, www.cisecurity.org
2.2.1
1. Web
2.
(Unix, Linux, Windows)
2.2.2
1.1.7 (
2.2.3
2.2.4
Web
/ FTP
Web )
2.3
SSH, VPN, SSL/TLS, Web
A
3 4
3
PAN
PAN
PCI DSS PA-DSS
PCI
DSS
3.1
PAN ()
3.2
3.2.1 3.2.3
() 7
8
PIN 9
9
/
PIN
3.2.1 (
1 2
(PAN)
3.2.2
PCI DSS PA-DSS
/ (MO/TO)
MO/TO
3.2.3
(PIN) PIN
PIN (
ATM )
3.3 PAN (
PAN
[POS] )
PAN
PAN
PCI
9 PAN
PAN
3.4 PAN
PAN
) PAN
PAN
PAN ( PAN)
PCI DSS PA-DSS
( SHA-1)
PAN (
PAN PAN (
PAN)
Token Pad (Pad
)
Token Pad
Token Token
PAN Pad
Pad
PAN
PAN B
PCI
DSS PA-DSS
(PCI
DSS PA-DSS )
3.4.1 (
1)
2)
3.5
3.5.1
3.5.2
3.6
3.6.1 3.6.8
3.6.1 PCI DSS
PA-DSS
3.6.2
3.5.1
3.6.3
3.6.4
3.6.5
( 3.6.6)
3.6.6
3.6.7
4.1
SSL/TLS IPSEC
PCI DSS
(GSM)
(GPRS)
/
Web SSL
URL https
v3.0 SSL (
4.1.1
( IEEE 802.11i)
2009 3 31 WEP
2010 6 30 WEP
WEP
WEP WEP
(IV)
WEP
(
WPA)
WEP
PAN
PAN
5.1
/
(CD, DVD, USB)
(PDA)
Unix ()
PCI DSS 6.2
Unix (AIX, Solaris, HP-Unix)
6.2
5.1.1
5.2
6.1
30
2-3
6.2
PCI DSS 2.2
6.3.1.1 (
6.3.1.2
6.3.1.3
6.3.1.4
6.3.1.5 (RBAC)
6.3.2 /
6.3.3 /
6.3.4
( PAN)
6.3.5
6.3.6
ID
ID
PCI DSS 6.3
6.4
6.4.1
6.4.2
6.4.3
6.4.4
6.5.1 (XSS)
6.5.2 SQL
LDAP, XPath
SQL Web
Web
Web
6.5.3
(RFI)
PHP, XML
6.5.5 (CSRF)
Token CSRF
Web
CSRF Web
6.5.6
Web
ID
6.5.7
Token Token
Token
6.5.8 Web
6.5.9
6.6 Web
Web
Web
Web
Web
Web
Web
/
Web
Web
6.6 Web
(www.pcisecuritystandards.org)
7.1
7.1.1 ID
7.1.2
7.1.3
7.1.4
RBAC
7.2
7.2.1
7.2.2
7.2.3
8.1 ID
(
ID)
8.2 ID
(Token
ID
ID (
ID
8.3
(RADIUS)
Token (TACACS)
VPN ( SSL/TLS
IPSEC)
8.4 (
PCI DSS PA-DSS
ID /
ID
ID
8.5
ID
ID
8.5.2
ID (
8.5.3
8.5.4
/
HR
8.5.5 /
90
8.5.6
( POS )
12.3.8 12.3.9
8.5.7
8.5.9 90
8.5.10
8.5.11
8.5.12
ID
( Windows)
8.5.13
ID
8.5.14 30
ID
30 )
8.5.15 15
/
8.5.16
DBA )
9
9.1
9.1.1
9.1.2
9.1.3
9.2
9.3
9.3.1
9.3.2 (
9.3.3
9.4
9.5
9.7
9.7.1
9.6
9.7.2
9.8
9.6
9.9
9.6
9.9.1
9.6
9.10.1
9.10.2
PC CD
9.6
10.1
10.2
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.2
10.4
10.5
10.5.1
10.5.2
10.5.3
10.5.4
LAN
(DNS )
10.6
(IDS)
(AAA)
RADIUS
10.6
10.7
11.1
IDS/IPS
IDS/IPS
11.2 (
(PCI SSC)
(ASV)
PCI DSS
Web )
11.3.1
11.3.2
( 2.2)
11.4 /
/
11.5
(FIM)
FIM
12.1
12.1.2
12.1.3
12.2
12.3 (
/
(PDA))
12.3.2 (ID, Token, VPN)
12.3.3
12.3.4
12.3.5
12.3.6
12.3.7
12.3.8
12.3.9
( POS )
15
8.5.6
12.3.10
12.4
12.5.1
12.5.2
12.5.1
12.5.4
12.5.5
12.6
12.6.1
12.6.2
/
12.7 (
9.2)
PAN
12.8.1
12.8.2
12.8.3
12.8.4
PCI DSS
PCI DSS
12.9
12.9.2
12.9.3
12.9.4
12.9.5
A.1 A.1.1 A.1.4
PCI DSS
PCI DSS (
PCI DSS A
/
PCI DSS PCI DSS
A.1.1
ID
A.1.2
(1) Web
ID (2)
(3) (4)
(5)
A.1.3
PCI DSS 10
PCI
PCI DSS
PCI
PCI A 10
PCI B 10
PCI C 10
PCI D 10