The EFT Server facilitates compliance with applicable PCI DSS requirements. The PCI DSS requirements related to physical security and cardholder database security are not applicable to EFT Server; however, you should place the EFT Server computer in a secured area, such as a locked server room or network operations center.
The topics below are organized similarly to the PCI DSS Security Audit Procedures document so that you can compare each requirement to the features in EFT Server that facilitate compliance. You can download the PCI DSS Security Audit Procedures from http://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf.
Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data
Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks
Requirement 6: Develop and Maintain Secure Systems and Applications
Requirement 7: Restrict Access to Cardholder Data by Business Need-to-Know
Requirement 8: Assign a Unique ID to Each Person with Computer Access
Requirement 10: Track and Monitor All Access to Network Resources and Cardholder
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a Policy that Addresses Information Security