10 Things You Should Know About PCI Compliance - 3.

 
 
By Cameron Sturdevant  |  Posted 2007-10-17
 
 
 

10 Things You Should Know About PCI Compliance

Up-to-Date Network Map Requirement 1.1.2 asks for a current network diagram with all connections to cardholder data, including any wireless networks. This is essential for managing any network and will significantly decrease the time needed to l

10 Things You Should Know About PCI Compliance

10 Things You Should Know About PCI Compliance - 2.

Sync Router Config Files Requirement 1.3.6 specifies that a routers running configuration should match its startup configuration. This means that if a router power cycles for some reason, it will come back up in a working state as last configu

10 Things You Should Know About PCI Compliance - 2.

10 Things You Should Know About PCI Compliance - 3.

Reduce the Attack Surface Requirement 2.2.4 mandates that all unnecessary functionality be removed from systems. Dumping unneeded scripts, drivers, features and subsystems is a classic first step in securing a system and almost always mea

10 Things You Should Know About PCI Compliance - 3.

10 Things You Should Know About PCI Compliance - 4.

Minimize Cardholder Data Storage Requirement 3.1 makes it the rule to store only minimal cardholder data. This not only reduces storage costs, but also minimizes the risks associated with storing sensitive data, such as having to disclose data

10 Things You Should Know About PCI Compliance - 4.

10 Things You Should Know About PCI Compliance - 5.

Document System and Software Changes Requirement 6.4 and its progeny mandate the use of a documented change control system to assess change impact, implementing management control over changes and following testing procedures to make sure operati

10 Things You Should Know About PCI Compliance - 5.

10 Things You Should Know About PCI Compliance - 6.

Develop Secure Web Apps Requirement 6.5 calls for developers to use OWASP (Open Web Application Security Project) guidelines to prevent common coding errors. Secure coding practices can be a co-factor leading to more thoughtfully written applicat

10 Things You Should Know About PCI Compliance - 6.

10 Things You Should Know About PCI Compliance - 7.

Spindle, Staple and Mutilate Requirement 9.10 specifies that media containing cardholder data should be destroyed when no longer needed for business or legal reasons. The operational gains include greatly reduced liability and the paring away

10 Things You Should Know About PCI Compliance - 7.

10 Things You Should Know About PCI Compliance - 8.

At the Tone, the Time Will Be... Requirement 10.4 simply states that IT managers must, Synchronize all critical system clocks and times. Correct and centrally managed time services are essential to a well-run network. Implementing a

10 Things You Should Know About PCI Compliance - 8.

10 Things You Should Know About PCI Compliance - 9.

Keep an Eye on the Shop Requirement 11.5 asks that a file integrity monitoring system be deployed to alert IT staff when unauthorized modifications are made to critical system or content files. Preventing unauthorized changes increases the likeli

10 Things You Should Know About PCI Compliance - 9.

10 Things You Should Know About PCI Compliance - 10.

Acceptable Use Requirement 12.3.5 asks for the creation of a policy on acceptable use of technology. Notifying users of what is considered acceptable use makes it clear that unacceptable, and often risky, uses are prohibited. This promotes a heal

10 Things You Should Know About PCI Compliance - 10.

10 Things You Should Know About PCI Compliance - See More Slideshows Like This One

10 Things You Should Know About PCI Compliance - See More Slideshows Like This One

Rocket Fuel