What is PCI-DSS and name a requirement related to cardholder data security?


Multiple Choice


Explanation:
PCI-DSS is a set of security requirements created by major card brands for any organization that stores, processes, or transmits cardholder data. Its goal is to protect that data from theft or compromise by enforcing controls around who can access it, how it’s protected, and how activity is monitored. A typical requirement related to cardholder data security is to protect that data with strong access controls, use encryption to render data unreadable if it’s intercepted or accessed improperly, and continuously monitor access and systems for suspicious activity. Cardholder data includes elements like the primary account number (PAN), cardholder name, expiration date, and service code, so applying access controls, encryption, and monitoring helps prevent exposure of this sensitive information. The other options describe standards that don’t exist or misstate how PCI-DSS handles data (for example, claiming no encryption or open access to card data), so they don’t fit PCI-DSS.

