PCI DSS Guru
Payment Card Industry Data Security Standard

Sample PCI-DSS Policy Part 2: Adherence to Standards

(2.2.a) Configuration standards must be maintained for applications, network components, critical servers, and wireless access points. These standards must be consistent with industry-accepted hardening standards as defined, for example, by the SysAdmin, Audit, Network, and Security Institute (SANS), the National Institute of Standards and Technology (NIST), and the Center for Internet Security (CIS). [2.2.b should be captured in your system configuration standard; 2.2.c and 2.2.3.b should be covered in your procedure for new server set-up]

Configuration standards must include:

  • (5.2) updating of anti-virus software and definitions
  • (6.1.b) provision for installation of all relevant new security patches within 30 days
  • (8.5.8.b) prohibition of group and shared passwords

Posted in Policy

Copyright 2007, Plainfacts.net