PCI Requirements and COBIT 4.0 Control Objectives Mapping
The following table maps the PCI DSS requirements to the COBIT 4.0 framework.
| PCI Requirement | Description | COBIT Control Objective | Description |
|---|---|---|---|
| Requirement 1 | Install and maintain a firewall configuration to protect data | DS5.10 | Network Security |
| DS9.3 | Configuration Integrity Review | ||
| Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters | DS5.3 | Identity Management |
| DS5.4 | User Account Management | ||
| Requirement 3 | Protect stored data | DS11.6 | Security Requirements for Data Management |
| Requirement 4 | Encrypt transmission of cardholder data and sensitive information across public networks | DS11.6 | Security Requirements for Data Management |
| Requirement 5 | Use and regularly update anti-virus software | DS5.9 | Malicious Software Prevention, Detection and Correction |
| Requirement 6 | Develop and maintain secure systems and applications | AI6.1 | Change Standards and Procedures |
| Requirement 7 | Restrict access to data by business need-to-know | PO4.11 | Segregation of Duties |
| PO7.8 | Job Change and Termination | ||
| Requirement 8 | Assign a unique ID to each person with computer access | DS5.3 | Segregation of Duties |
| DS5.4 | User Account Management | ||
| Requirement 9 | Restrict physical access to cardholder data | DS12 | Manage the Physical Environment |
| Requirement 10 | Track and monitor all access to network resources and cardholder data | AI2.3 | Application Control and Auditability |
| Requirement 11 | Regularly test security systems and processes | DS4.5 | Testing of IT Continuity |
| DS5.5 | Security Testing | ||
| Requirement 12 | Maintain a policy that addresses information security | DS5.2 | IT Security Plan |
Copyright © Cloud Software Group, Inc. All rights reserved.