Develop and Maintain Secure PCI In-Scope Systems and Applications


Policy Owner: Manager, Business Relationship Management

Note: An owner must be a PCES-level manager.

REQUIREMENTS

Current industry best practices, as described in the Payment Card Industry Data Security Standard (PCI DSS) and the current version of the Open Web Application Security Project (OWASP) Top Ten, must be followed for PCI in-scope systems. These include, but are not limited to, the following requirements.

The Business Relationship Management Program Manager (BRM PM) coordinates these activities.

SUPPORTING DOCUMENTATION

Access supporting documentation from ITWEB (Internal)

Access Supporting Documentation from USPS.com (External)

REVISION HISTORY

Version  Date  Description of Change
1.0  05.10.2013  Initial Release. Note: This document is Section 508 compliant.
1.1  11.24.2014  Updated language in Requirements section to clarify that current best practices at this time are PCI DSS 2.0 and OWASP Top Ten 2010.
1.2  03.02.2015  Non-substantive revision: Policy Owner changed from Manager, IT Strategy and Compliance, to Manager, Business Relationship Management.
1.2.1  07.21.2015  Annual Review: The annual review for functional accuracy and current PCI DSS requirements has been completed. CR 91292
1.2.2  03.14.2016  Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 154951. Non-substantive update: Updated references/hyperlinks to Risk Ranking Policy, which replaced Risk Ranking Standards.
1.2.3  10.31.2016  Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 223948
1.2.4  10.04.2017  Removed references to Waterfall methodology. Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 311546
1.2.5  10.22.2018  Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 407156