Margaret Rouse stated that the Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. In 2004 PCI DSS was formed by several major credit-card companies to help protect these companies from liability and to protect cardholders' information. There are three steps to ensure everyone is adhering to PCI DSS: Assess — identify cardholder data, inventory the IT assets and payment card processing, and analyze them for vulnerabilities; Remediate — fix any vulnerabilities; and Report — collect data to submit compliance and remediation validation records. The PCI Security Standards Council oversees all PCI DSS policies and any other associated security standards. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. (PCI DSS Quick Reference Guide, 2010). PCI DSS compliance helps safeguard against vulnerabilities associated with service providers, online shopping, point-of-sale transactions, and wireless hotspots. It is mandatory that any business that accepts and processes payment cards comply with the PCI


The PCI Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data (PCI DSS Quick Reference Guide, 2010). Here are some of the PCI DSS goals and requirements:


1. Build and maintain a secure network – install and maintain a firewall that protects stored cardholder information.

2. Maintain a vulnerability management program by continuously updating anti-virus software or programs.

3. Implement strong access controls and restrict access to cardholder data.

4. Regularly track and monitor all access to the network.

5. Regularly test the

6. Maintain and comply with the information security policy.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US law intended to protect the privacy of patients and their medical information. The HIPAA Security Rule is a set of security standards established to protect patient health information when it is stored or electronically transferred between entities. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (The Security Rule, 2014).


In 2009 the HIPAA Security Rule was extended by the HITECH Act, which incorporated the responsibilities of business associates; HHS established rules to implement and clarify all of the changes. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights announced a final rule that implements a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Omnibus HIPAA Rulemaking, 2015).


A business associate is an individual or organization that performs specific tasks or services involving the use or disclosure of individually identifiable health information. These tasks or services may include processing claims, analyzing data, billing, accounting, consulting, management, or financial services. A business associate contract is made with a contractor or non-workforce member who performs business associate duties. Within these contracts, there are specific guidelines written to protect identifiable health information.


The National Institute of Standards and Technology (NIST), one of the nation's oldest physical science laboratories, was established in 1901 by the U.S. Department of Commerce. NIST is currently headquartered in Gaithersburg, MD, with seven laboratories and a number of extramural programs. From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology (About NIST, 2017). An essential part of NIST's work is to anticipate the future. Fast-moving sectors such as nanotechnology, quantum information science, homeland security, information technology, and advanced manufacturing need sophisticated technical support systems to flourish and grow (About NIST, 2017). NIST has provided this support in a number of ways: by developing and improving technologies, improving standards, and helping to create quality products and services. It is estimated that approximately 3,400 people are employed at NIST's Gaithersburg, Maryland, and Boulder, Colorado, facilities. NIST also has 2,700 associates from government, academia, and industry. Below are some examples of what NIST has accomplished:

•    1 Jan 1906 – NIST produced standard samples, also known as standard reference materials (SRMs).

•    1 Jan 1915 – NIST published the nation's first model electrical safety code.

•    1 Jan 1932 – Wilmer Souder, a NIST employee, was the nation's first federal forensic scientist. He assisted in creating the FBI's crime lab.

•    1 Apr 1950 – The Standards Eastern Automatic Computer (SEAC), the world's first internally programmed digital computer, created the world's first digital image.

•    2 Oct 2000 – NIST selected the Rijndael algorithm as the Advanced Encryption Standard (AES), a public algorithm intended to safeguard sensitive information (About NIST, 2017).