The PCI DSS (Payment Card Industry Data Security Standard) sets a number of expectations for IT assessment. Activities, from scanning for rogue wireless access points to reviewing vendor contracts, are scattered throughout the PCI Data Security Standard document.
Below is an attempt to assemble those requirements into a single schedule. Where the standard didn’t specify a frequency, I used reasonable “best practices” values. I hope this is a useful starting place for organizations working toward compliance, but it is definitely not a holistic IT security plan! There are lots of other security activities that should be taking place at every organization – this is just a summary of those discussed in the PCI DSS.
See anything that I missed? Did I get something wrong? Let me know in the comments and we’ll work toward an accurate sample schedule together!!