Friday May 26, 2017
PCI Discussion Forum
What is required to be PCI compliant?

This checklist is only a starting point for reviewing the technical requirements. For a more in-depth review, contact a consulting firm.

  • Dedicated Firewall
    • Required by Section 1 of the PCI DSS
  • Separate Web and Database Servers
    • Cardholder data (CHD) is stored en masse in the database, making it a high-value target for an attacker
    • A separate database server, placed in an internal network zone rather than in the DMZ with the web server, means that access to it can be strictly controlled (limited exposure)
    • Required by Section 1 of the PCI DSS
  • File Integrity Monitoring
    • Software on the server continually monitors critical system, configuration and log files and alerts when any of them changes
    • An unexpected change may indicate a breach, or lead to the discovery of an improper configuration change
    • Required by Section 10 (integrity of log files) and Section 11 (change detection on critical files) of the PCI DSS
  • One Year Event Log Archival
    • Log files are retained for at least one year, with at least the most recent three months immediately available for analysis
    • Logs must be forwarded promptly to a centralized log server, so that if an attacker compromises a system and erases its local logs to cover their tracks, a clean, trusted copy of the events still exists
    • Preserves chain of custody so the logs can be used as evidence in a court case
    • Required by Section 10 of the PCI DSS
  • Daily Security Log Review
    • Ensures that any breach is detected and contained as soon as possible; log harvesting, parsing and alerting tools may be used to make the daily review practical
    • Required by Section 10 of the PCI DSS
  • Two-Factor Authentication
    • A typical hardware or software token displays a six-digit code that changes every 30 seconds (a time-based one-time password, TOTP); the token is something you have, used in addition to the password you know
    • Provides an additional level of assurance when authenticating a login
    • Required by Section 8 of the PCI DSS for all remote network access from outside the network (e.g. VPN), and as of PCI DSS v3.2 for all non-console administrative access to the cardholder data environment
  • Penetration Testing
    • Identify exploitable vulnerabilities in a controlled setting before an attacker finds them in real life
    • Required by Section 11 of the PCI DSS, at least annually and after any significant infrastructure or application change
  • Web Application Firewall
    • IDS (Intrusion Detection System) = detects attacks; IPS (Intrusion Prevention System) = blocks attacks; a web application firewall (WAF) is an IPS that understands HTTP and the application's inputs
    • Blocks attempts to exploit known and unknown vulnerabilities in custom application code, buying time until the code itself is fixed
    • Required by Section 6 of the PCI DSS for public-facing web applications, as one of two options: a WAF in front of the application, or regular application vulnerability review; network IDS/IPS at the perimeter of the cardholder data environment is separately required by Section 11
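As an added example (not part of the original checklist, and not any vendor's product), the following Python script shows what a file integrity monitor actually does: record a SHA-256 hash plus mode, owner and size for every file under a directory, store that baseline with an HMAC tag so an attacker who can write files cannot also quietly rewrite the baseline, then rescan and report what was added, removed or modified. The directory tree, file contents and HMAC key in demo() are constructed for the demonstration only.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile

CHUNK = 64 * 1024


def file_record(path):
    """Hash plus the metadata an attacker is likely to change (mode, owner, size)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def build_baseline(root):
    """Record every regular file under root, keyed by path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline


def compare(baseline, current):
    """Report files that were added, removed, or whose hash/metadata changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in set(baseline) & set(current):
        diffs = {k: (baseline[rel][k], current[rel][k])
                 for k in baseline[rel] if baseline[rel][k] != current[rel][k]}
        if diffs:
            modified[rel] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def serialize_baseline(baseline, key):
    """JSON baseline prefixed with an HMAC-SHA256 tag; the key must live off the monitored host."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return tag.encode() + b"\n" + body


def baseline_authentic(blob, key):
    """True only if the tag matches the body under this key (constant-time compare)."""
    tag, _, body = blob.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(tag, expected)


def parse_baseline(blob, key):
    if not baseline_authentic(blob, key):
        raise ValueError("baseline failed integrity check; do not trust it")
    return json.loads(blob.partition(b"\n")[2])


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, rescan."""
    root = tempfile.mkdtemp()
    etc = os.path.join(root, "etc")
    os.makedirs(etc)
    with open(os.path.join(etc, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")
    with open(os.path.join(etc, "sshd_config"), "w") as f:
        f.write("PermitRootLogin no\n")
    key = b"constructed-demo-key"  # hypothetical; a real key is stored off-host
    blob = serialize_baseline(build_baseline(root), key)

    # Simulated attacker activity: weaken sshd, plant a preload, delete a file
    with open(os.path.join(etc, "sshd_config"), "w") as f:
        f.write("PermitRootLogin yes\n")
    with open(os.path.join(etc, "ld.so.preload"), "w") as f:
        f.write("/tmp/evil.so\n")
    os.remove(os.path.join(etc, "passwd"))

    return compare(parse_baseline(blob, key), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))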
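The two-factor item above describes a time-based one-time password token. As an added example (not from the original page or any token vendor), the following Python code implements the RFC 4226/6238 algorithm such a token runs and, more importantly, the server-side check: a small drift window, a constant-time comparison, and a last-accepted-counter guard so that a code captured over the shoulder cannot be replayed during the 30 seconds it is still valid. The shared secret used in the demo is the RFC 6238 test-vector secret, not a real one.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6):
    """RFC 6238: the counter is the number of 30-second steps since the Unix epoch."""
    if for_time is None:
        for_time = int(time.time())
    return hotp(secret, for_time // step, digits)


def verify_totp(secret, code, for_time=None, step=30, digits=6, window=1, last_counter=-1):
    """Server-side check. Returns the matched time-step counter, or None.

    Accepts codes from `window` steps either side of now to tolerate clock
    drift, compares in constant time, and refuses any counter at or before
    `last_counter` (the counter of the last accepted code for this user) so a
    captured code cannot be replayed while it is still within the window.
    """
    if for_time is None:
        for_time = int(time.time())
    if not (isinstance(code, str) and code.isdigit() and len(code) == digits):
        return None
    now = for_time // step
    for candidate in range(now - window, now + window + 1):
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    # RFC 6238 test-vector secret (ASCII "12345678901234567890"), not a real one.
    secret = b"12345678901234567890"
    t = 59
    code = totp(secret, t)
    print("code at T=59:", code)                                        # 287082
    print("accepted:", verify_totp(secret, code, for_time=t))           # 1
    print("replayed:", verify_totp(secret, code, for_time=t + 30, last_counter=1))  # None
    print("stale:", verify_totp(secret, code, for_time=t + 120))        # None
```

The caller persists the counter returned by verify_totp and passes it back as last_counter on the next login; without that, any code is good for up to three attempts in a row within the drift window.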
 