💳 PCI DSS v4.0 Compliance Assessment ✧ Payment Card Security 🔒
✧ Payment Security Assessment ✧

PCI-DSS Compliance Checker

Payment Card Industry Data Security Standard Checker ♪

🆕 Updated for PCI DSS v4.0 • 2025

Protect cardholder data with our kawaii PCI DSS assessment! ✧ Check your compliance with all 12 requirements covering network security, data protection, vulnerability management, and access controls. Good luck!

PCI Guardian: Let's protect those payment cards! ✧

✧ PCI DSS Assessment ✧

Start the compliance check!

💳 About PCI DSS v4.0

The Payment Card Industry Data Security Standard protects cardholder data across all organizations that accept, process, store, or transmit credit card information. Version 4.0 is mandatory from March 31, 2025.

Merchant levels:

  Level 1 (L1): >6M transactions
  Level 2 (L2): 1-6M transactions
  Level 3 (L3): 20K-1M e-comm
  Level 4 (L4): <20K e-comm

Req 1: Network Security Controls

📋 Requirement 1 • Firewalls

  1. Do you have firewalls installed and configured to protect cardholder data?
  2. Is there a network diagram showing all connections to cardholder data?

Req 2: Secure Configurations

📋 Requirement 2 • Change Defaults

  3. Have all vendor-supplied default passwords been changed?
  4. Are system hardening standards documented and applied to all components?

Req 3: Protect Stored Account Data

📋 Requirement 3 • Data Protection

  5. Is stored cardholder data encrypted using strong cryptography?
  6. Do you have data retention policies limiting storage of cardholder data?

Req 4: Protect Data in Transit

📋 Requirement 4 • Encrypted Communications

  7. Is cardholder data encrypted during transmission over public networks (TLS 1.2+)?

Req 5: Anti-Malware Protection

📋 Requirement 5 • Antivirus

  8. Is anti-malware software deployed on all systems commonly affected by malware?
  9. Are anti-malware solutions kept current with automatic updates?

Req 6: Secure Systems & Software

📋 Requirement 6 • Patch Management

  10. Are critical security patches installed within one month of release?
  11. Do you follow secure coding practices (OWASP) for custom applications?

Req 7: Restrict Access by Need-to-Know

📋 Requirement 7 • Least Privilege

  12. Is access to cardholder data restricted to personnel with a business need?
  13. Is there a role-based access control system with documented roles?

Req 8: Identify & Authenticate Users

📋 Requirement 8 • MFA Required

  14. Does every user have a unique ID for system access?
  15. Is MFA implemented for all access to the cardholder data environment?

Req 9: Restrict Physical Access

📋 Requirement 9 • Physical Security

  16. Is physical access to cardholder data areas restricted and monitored?
  17. Are media containing cardholder data physically secured and tracked?

Req 10: Log & Monitor Access

📋 Requirement 10 • Audit Trails

  18. Is all access to cardholder data logged with audit trails?
  19. Are logs reviewed daily and retained for at least one year?

Req 11: Test Security Systems

📋 Requirement 11 • Vulnerability Scanning

  20. Do you conduct quarterly vulnerability scans by an ASV?
  21. Do you conduct annual penetration testing?
  22. Do you have intrusion detection/prevention systems monitoring the CDE?

Req 12: Security Policy

📋 Requirement 12 • Policy Management

  23. Do you have a documented information security policy reviewed annually?
  24. Do all personnel receive security awareness training upon hire and annually?


Need PCI DSS Compliance Help? 💳✧

Our QSA-experienced consultants help merchants and service providers achieve and maintain PCI DSS compliance. From gap assessments to SAQ preparation, we've got you covered!

💌 Get Free Assessment ✧ Free Consultation

Understanding PCI DSS v4.0 Compliance

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard for all organizations that store, process, or transmit cardholder data. Version 4.0, released March 2022, becomes mandatory March 31, 2025.

The 12 PCI DSS Requirements

  1. Install and maintain network security controls (firewalls)
  2. Apply secure configurations (change defaults)
  3. Protect stored account data (encryption)
  4. Protect cardholder data in transit (TLS)
  5. Protect against malware (antivirus)
  6. Develop secure systems and software (patching)
  7. Restrict access by need-to-know (RBAC)
  8. Identify users and authenticate (MFA)
  9. Restrict physical access
  10. Log and monitor all access
  11. Test security regularly (scans, pen tests)
  12. Maintain security policies

PCI DSS v4.0 Key Changes

✧ Frequently Asked Questions ✧

What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards ensuring all companies that accept, process, store, or transmit credit card information maintain a secure environment. It's mandated by card brands like Visa, Mastercard, and Amex.

Who needs to comply with PCI DSS?
Any organization that accepts, transmits, or stores cardholder data must comply. This includes merchants of all sizes (from small shops to large retailers), payment processors, acquirers, issuers, and service providers.

What are the penalties for non-compliance?
Penalties include fines from $5,000 to $100,000 per month, increased transaction fees, potential loss of card acceptance privileges, liability for fraud losses, and significant reputational damage from breaches.

What is new in PCI DSS v4.0?
Key v4.0 changes include: customized approach for validation, mandatory MFA for all CDE access, increased focus on risk analysis, new e-commerce protections for payment page scripts, and enhanced requirements for service providers.

Free Security Scan for Your Website

Our Mewtwo Security Scanner checks your site for HTTPS, SSL certificates, security headers, and vulnerabilities—instantly and free.

✓ HTTPS Check ✓ SSL Analysis ✓ Security Headers ✓ Instant Results