Skip to content Skip to navigation

Complete Policy List

Stanford's PCI DSS policies

Viewing content requires authentication via Stanford SUNet

1. Firewall Requirements Policy

2. Firewall and Router Configurations Policy

3. DMZ Configuration and Internet Access to the Cardholder Data Environment Policy

4. Personal Firewall Software Policy

5. Changing of Vendor Supplied Default Settings Policy

6. Configuration Standards for All System Components Policy

7. Non-Console Administrative Access Policy

8. Data Retention and Disposal Policy

9. Sensitive Authentication Data (SAD) Storage Policy

10. Primary Account Number (PAN) Policy for Masking & Displaying the PAN Digits

11. Point-to-point Encryption (P2PE), Wi-Fi, Analog and Global System for Mobile (GSM) Usage Policy

12. Unencrypted Primary Account Numbers (PAN) Policy

13. Anti-Virus Policy

14. Security Patch Management Installation Policy

15. Custom Application Code Change Reviews Policy

16. Change Control Policy

17. Software Development Secure Coding Guidelines and Training Policy

18. Data Control & Access Control Policies

19. Unique ID & Authentication Methods Policy

20. Shared, Group, Generic, and Other Authentication Methods Policy

21. Database Access & Configuration Settings Policy

22. Media Storage, Distribution and Classification Policy

23. Media Destruction Policy

24. Media Device Protection Policy

25. Physical Security Policy

26. Securing of Audit Trails Policy

27. Security Logs & Events Policy

28. Workstation & Laptop Usage Policy

29. Strong Cryptography and Secure Protocols for CHD transmission

30. Evaluation Policy for Payment Systems and Service Vendors

31. PCI DSS Awareness Training Policy

32. Web Interface Design for CyberSource Integration by UIT Compliance Services

33. Stanford University is a PCI Merchant, but not a PCI Service Provider