The PCI Data Security Standard (PCI DSS)
The PCI DSS is a security standard that helps organizations to
proactively protect customer account data. The standard constantly
evolves to remain viable in today’s rapidly changing Internet and
computing environment. It is reviewed at least every 24 months, and can
be updated at any time. To learn more about the standard, visit
www.pcisecuritystandards.org.
Compliance with PCI DSS and PA DSS
Credit card companies require compliance with PCI DSS for every entity
that is involved in the storage, processing, or transmission of credit
card information. Failure to comply can result in denial or revocation
of your organization’s facility to process credit cards.
Furthermore, as these standards have become widely recognized,
non-compliance places your organization at risk of legal and/or civil
consequences if credit card information becomes compromised.
Compliance with PCI DSS is necessary whether or not you use Plesk to
process transactions online. Even if you use a POS terminal or other
methods to process transactions, and simply retain information in Plesk,
you must ensure proper use of the program to maintain the security and
confidentiality of customer data.
Since July 1, 2010, Credit Card Processors and Bank Card Acquirers have
had to ensure that merchants and agents use only Payment Application
Data Security Standard (PA DSS) compliant applications. Plesk is
certified as compliant under the security standard that applies to
software vendors that develop applications for sale to merchants to
process and/or store cardholder data.
Plesk PCI DSS Compliance
To protect sensitive data hosted on your server and to make Plesk PCI
DSS compliant, you should implement special security measures.
Regardless of an operating system type you use, the measures are as
follows:
- Ensure that software incorporates all security updates.
- Set up encryption of remote connections.
- Prohibit access to databases server from external addresses.
- Disable weak SSL/TLS/TLS ciphers and protocols for web servers, mail
servers, and components. - Prevent services from disclosing information about your data and
versions of software you use.