PCI DSS Policy Crosswalk

Mapping of PCI DSS Requirements to GVSU Policies and Procedures

| PCI DSS Req | Control Area | GVSU Policy / Document | Description |
|---|---|---|---|
| 1 | Network Security Controls | PCI Policies & Procedures | Defines network segmentation, firewall controls, and system protection. |
| 2 | Secure Configuration | PCI Policies & Procedures | Requires system hardening, removal of vendor defaults, and secure configuration standards. |
| 3 | Protect Stored Data | PCI Processing Standards | Prohibits storage of sensitive card data and defines secure destruction requirements. |
| 4 | Encrypt Transmission | PCI Processing Standards | Requires TLS encryption for cardholder data transmitted over open, public networks. |
| 5 | Malware Protection | PCI Malware Policy | Defines EDR, anti-malware, and patching requirements. |
| 6 | Secure Development | SDLC Policy | Requires OWASP-based secure coding practices, security testing, and code review. |
| 7 | Access Control | PCI Policies & Procedures | Enforces least privilege and role-based access. |
| 8 | Authentication | PCI Policies & Procedures | Defines unique user IDs, password controls, and MFA requirements. |
| 9 | Physical Security | Daily Inspection; Monthly Inspection; Annual Inspection; Inspection Guide | Defines payment terminal handling, inspection, and physical protection controls. |
| 10 | Logging & Monitoring | PCI Policies & Procedures | Requires centralized logging and monitoring of in-scope systems. |
| 11 | Security Testing | Annual Merchant Checklist | Defines vulnerability scanning, security testing, and risk assessments. |
| 12 | Security Governance | Security Awareness; Vendor Onboarding; Incident Response Plan; TPSP Requirements | Defines governance, training, third-party service provider (TPSP) compliance, and incident response. |