Introduction to PCI Compliance

This section describes how to configure SL1 to comply with PCI DSS.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon.
  • To view a page containing all of the menu options, click the Advanced menu icon.

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for protecting information from customers' credit cards and debit cards. PCI DSS is a self-imposed industry standard. To do business with Visa, MasterCard, American Express, Discover, and JCB, all organizations that store, process, or transmit cardholder data must comply with PCI DSS requirements.

PCI DSS was created by Visa, MasterCard, American Express, Discover, and JCB. Visa and MasterCard require large and medium-sized merchants and service providers to be validated for compliance by a third-party auditor; small merchants and service providers can perform self-validation.

Visa, MasterCard, American Express, Discover, and JCB can assess fines for businesses that do not comply with PCI DSS. Although PCI DSS is an industry standard, many states have separate laws that allow states to assess fines against organizations that leak data or have security breaches. Organizations that comply with PCI DSS have a significantly lower risk of data leaks and security breaches.

What is in This Section?

This section describes how to configure SL1 to comply with PCI DSS. This section will walk you through the following configuration tasks:

  • Configuring SL1 to use HTTPS instead of HTTP.
  • Configuring SL1 to disable the auto-complete feature and disable saving credentials in the browser cache.
  • Installing a security certificate.
  • Strengthening SSL ciphers to the highest security.
  • Disabling phpMyAdmin.
  • Applying the latest update and/or patch.

This section will also describe common issues that arise during a scan for vulnerabilities and how the configuration tasks described in this document address these issues.