Achieving PCI DSS Compliance
ITC can help you become PCI DSS compliant. To demonstrate compliance with current PCI DSS requirements, businesses must implement controls aimed at six high-level functional goals.
As you have read, these goals are broken down into 12 actionable steps. Once these controls are implemented, a process must be put in place to monitor, test, report on, and remediate the results of your client’s PCI DSS compliance efforts.
Build and maintain a secure network and systems
The first two requirements detail how a firewall should be implemented, maintained, and managed.
1. Install and maintain a firewall configuration to protect cardholder data.
Firewalls are integral to the security of any computer network and are the first line of defense for Internet traffic.
A firewall inspects network traffic and blocks any transmissions that do not meet the business’s specified security criteria. All systems must be protected from unauthorized access from untrusted networks—regardless of the method of entry (e.g., Internet e-commerce, employee Internet access, employee e-mail access, business-to-business connections, or wireless networks).
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Criminals and data thieves use vendor default passwords and default settings to compromise systems.
It is critically important to change vendor-supplied default passwords/settings and remove/disable unnecessary default accounts before introducing new systems into your environment.