We are at the half-way mark in becoming PCI Compliant. We took a little break for Fraud Awareness Week and now we are ready to “Maintain a Vulnerability Management System”. Our previous efforts have been focused on Building and Maintaining a Secure Network and Protecting Cardholder Data. We now have a firewall, clear policies regarding the type of information we will store, and the length of time we will store it. We even have encryption software and an SSL certificate. Congratulations!
Now, we need to Maintain a Vulnerability Management Program. This comes in two parts. First, we need to use and regularly update anti-virus software. Then, we have to develop and maintain secure systems and applications. I know what anti-virus software is, so let’s start there.