The 12 PCI DSS requirements are a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS Requirement 1: Install and maintain a firewall configuration to protect cardholder data

This first requirement ensures that service providers and merchants maintain a secure network through the proper configuration of a firewall, as well as routers if applicable. Properly configured firewalls protect your card data environment. Firewalls restrict incoming and outgoing network traffic through rules and criteria configured by your organization. Firewalls provide the first line of protection for your network. Organizations should establish firewall and router standards, which allow for a standardized process for allowing or denying access rules to the network. Configuration rules should be reviewed bi-annually to ensure that there are no insecure access rules that can allow access to the card data environment.

PCI DSS Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

It focuses on hardening your organization's systems such as servers, network devices, applications, firewalls, wireless access points, etc. Most operating systems and devices come with factory default settings such as usernames, passwords, and other insecure configuration parameters. These default usernames and passwords are simple to guess, and most are even published on the Internet. Such default passwords and other security parameters are not permissible per this requirement. This requirement also asks organizations to maintain an inventory of all the systems and configuration/hardening procedures. These procedures need to be followed every time a new system is introduced in the IT infrastructure.

PCI DSS Requirement 3: Protect stored cardholder data

This is THE most important requirement of the PCI standard.
It is crucial to reduce the PCI DSS audit scope because it will help reduce your compliance costs, operations costs, and risk associated with interacting with payment card data.