The PCI Data Security Standard (PCI DSS) and the NIST Cybersecurity Framework share the common goal of enhancing data security. The Mapping of PCI DSS to the NIST Cybersecurity Framework provides a resource for stakeholders to use in understanding how to align security efforts to meet objectives in both PCI DSS and the NIST Framework.
PCI DSS defines security requirements for the protection of payment card data, as well as validation procedures and guidance to help organizations understand the intent of the requirements. Rapid changes in threats require more detailed standards for payment security. PCI DSS is focused on the unique threats and risks present in the payments industry.
PCI DSS is intended for all entities involved in storing, processing, or transmitting payment card data, and provides foundational security requirements across twelve main security objectives to protect payment environments.