Regulatory Compliance, Governance and Security

May 17 2009   9:36PM GMT

PCI DSS Compliance | Understanding Requirement 1

Charles Denyer Charles Denyer Profile: Charles Denyer

PCI DSS Compliance is growing at an astonishing rate for merchants and service providers throughout the country and the globe.

Let’s take some time to distill each of the twelve (12) core Payment Card Industry Data Security Standards (PCI DSS) Requirements. This will be the first in a 12 part series of giving you a better understanding of each of the requirements and the sub-requirements for each.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data

As stated by the Payment Card Industry Data Security Standards Requirements: All systems must be protected from unauthorized access from untrusted networks, whether entering the system via the Internet as e-commerce, employees’ Internet access through desktop browsers, employees’ e-mail access, dedicated connection such as business to business connections, via wireless networks, or via other sources. Often, seemingly insignificant paths to and from untrusted networks can provide
unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.”

Okay, fair enough and with that said, as a Payment Card Industry Qualified Security Assessor (PCI QSA), here’s what you need to be aware of for Requirement 1:

1. Have in place an excellent network topology diagram.
2. Make sure you develop the documented policies and procedures that are being called for in Requirement 1
3. When deploying and hardening network devices, (routers, firewalls,etc.), please keep in mind that you need to be documenting this process along with utilizing industry accepted configuration guidelines , such as SANS, NIST, CIS.

This is just a start and by no means all the items for Requirement 1, but being aware of these issues will greatly help you meet the guidelines for PCI DSS Requirement 1.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: