Pci Dss Requirement 1.1.1 archives - Regulatory Compliance, Governance and Security

Dec 30 2008   2:08PM GMT

PCI Payment Card Industry Compliance | PCI DSS | Important Tips



Posted by: Charles Denyer
payment card industry, PCI DSS, PCI, pci compliance, pci dss qsa, pci assessment, payment card industry data security standards, pci dss requirement 1.1.1, pci dss requirement 1.1.2

Is your organization seeking to become Payment Card Industry (PCI) Data Security Standards (DSS) compliant for 2009? Are you a merchant or service provider that is directly involved in the processing, storage, or transmission of transaction data or cardholder data? If you answered yes to these questions, then it's time you learned more about PCI DSS compliance and what the road ahead holds for your organization.

First and foremost, PCI DSS compliance is spreading like wildfire, to say the least. From small, locally owned start-up companies to large e-commerce entities, PCI DSS compliance is becoming mandatory for every conceivable organization that conducts commerce with payment cards.

To be fair, regulation for PCI DSS compliance was somewhat lax and disjointed in the beginning, but much has changed in the last six months as the major payment brands are starting to push PCI DSS compliance much deeper and in a more transparent way than ever before.

If you want to learn more about Payment Card Industry Data Security Standards (PCI DSS) compliance, then visit pciassessment.org, one of the most in-depth sites currently available for PCI DSS news and information.

2009 is just around the corner, so plan properly for your organization to become PCI DSS compliant.

Nov 23 2008   7:14PM GMT

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1.1



Posted by: Charles Denyer
payment card industry, PCI DSS, PCI, pci compliance, qsa, pci dss qsa, policies and procedures, pci assessment, payment card industry data security standards, pci dss requirement 1.1.1

PCI DSS Requirement 1.1.1 calls for “A formal process for approving and testing all network connections and changes to the firewall and router configurations”. The test to validate this, in accordance with PCI DSS 1.2 standards, is to “Verify that there is a formal process for testing and approval of all network connections and changes to firewall and router configurations”. Thus, network connections, firewall rulesets/configurations and router settings must be managed proactively to ensure continuous protection for the organization. This formal process needs to be documented so that it specifically addresses changes made as threats become known and as business needs change.

The key phrase here, my friends, is “formal process”. What does that really mean? It means having documented policies and procedures in place for approving and testing connections/changes to these critical devices. That is easier said than done, as most organizations do not have the time or resources to formally write out documented policies and procedures. Beware, as this is a very large part of ensuring PCI DSS compliance. To learn more about PCI DSS and documented policies and procedures for PCI DSS compliance, visit pciassessment.org.