Care and Feeding of your PCI DSS Compliance Program
Author: NetSPI
The DSS does little to protect your cardholder data and systems if you think of it as something that you only have to do once a year. Maintaining your program should be like maintaining your house: don’t wait until right before your mother-in-law shows up to fix that leaky pipe, repair the broken window, fix the lock on the door, and take out all of the trash. You don’t want to deal with it all at once, and neglect can lead to increased effort, expense, security gaps, and non-compliance. Similarly, following a scheduled maintenance routine can help you purge unnecessary accounts and data, provide visibility into your processes, train personnel, and ensure that different business units are aware of and performing their expected duties.
The cheat sheet in the following whitepaper was developed to help you prioritize, schedule, and assign responsibility for the tasks that must be performed on a periodic basis to meet DSS 2.0 requirements. Throw this in a spreadsheet, update your group calendar, or transfer this to your GRC tool, and then off to the beach for a Mai-Tai!