The Payment Card Industry Data Security Standard (PCI DSS) encourages and enhances payment card account data security and facilitates a broader adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with payment card account data, PCI DSS can also be used to protect against threats and secure other elements in the payment ecosystem.
PCI DSS is intended for all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) or could impact the security of the cardholder data environment (CDE). This includes all entities involved in payment card account processing — including merchants, processors, acquirers, issuers, and other service providers.
Compliance with PCI DSS also ensures that businesses adhere to industry best practices when processing, storing, and transmitting credit card data. In turn, PCI DSS compliance fosters trust among customers and stakeholders.
PCI DSS comprises a minimum set of requirements for protecting account data and may be enhanced by additional controls and practices to further mitigate risks. The below table lists the PCI DSS requirements at a high level, F5 qualifies as Level 1 Service Provider and while it does not process, store, or transmit CHD/SAD; it could impact the security of the cardholder data environment (CDE) of our customers.
Applicable Products: F5 Distributed Cloud, Bot Defense, and Silverline
