Security Standards

The Payment Card Industry Data Security Standard (PCI DSS) was mandated in January of 2005 to protect cardholders from fraud and identity theft.

PCI DSS defines security requirements that apply to all system components, whether a network component, server or application, that are included in or connected to the cardholder data environment. In order to meet compliance standards, your area may be required to purchase additional equipment or make changes to your network infrastructure.

Iowa State has developed a Self Assessment Questionnaire based on a PCI DSS document. PCI DSS has developed twelve requirements for data security and a PDF document on Security Scanning Procedures. All three should be reviewed as part of the compliance program. Click on the respective link located on the side navigation bar of this page to view these documents or click on the hyperlinks within this paragraph.