|
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The Payment Card Industry (PCI) Data Security Standard (DSS) applies to all businesses, large and small, in any
industry that processes, transmits, or stores credit card transactions and cardholder information. The goal of the PCI
DSS is to increase protection of credit card information and related transactions. PCI DSS Version 1.2 was released
in October 2008 and went into effect in January 2009, and includes deadlines for wireless installations and
deployments using Wired Equivalent Privacy (WEP). Version 1.2 emphasizes network segmentation to determine
the PCI scope and cardholder data environment, and outlines sampling size determination for organizations during
an audit.
Wireless networks that are part of the Cardholder Data Environment must comply with all PCI DSS requirements. This
includes using a firewall and making sure that additional rogue wireless
devices have not been added to the Cardholder Data Environment. In addition, PCI DSS compliance
for systems that include WLANs as a part of the Cardholder Data Environment requires extra attention to WLAN-specific
technologies and processes such as:
- Physical security of wireless devices
- Changing default passwords and settings on wireless devices
- Logging of wireless access and intrusion prevention
- Strong wireless authentication and encryption
- Use of strong cryptography and security protocols
- Development and enforcement of wireless usage policies.
With our assistance you will be able to deploy 802.11 wireless networks in
accordance with PCI DSS v1.2 within your Cardholder Data Environment (CDE). Our service is intended for organizations that store, process or transmit cardholder data, whether or not they
have deployed wireless LAN (WLAN) technology. Wireless PCI DSS compliance is not just for organizations that already have an existing WLAN deployed but also for those with no WLAN deployment.

- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The PCI DSS compliance procedure can take anything from a day to many weeks, depending on what is uncovered by the vulnerability assessment scan and the self-assessment questionnaire. Organizations that currently have a good level of information security are likely to be compliant a lot more quickly than those that don't.
The PCI DSS mandates the need for acceptable usage policies and procedures, which include
those for wireless devices. What matters here is that organizations understand how wireless is
to be used within their environment, how it is to be secured and deployed and how the
organization will address incidents as they occur. Another important aspect the policy should
address is how employees can and should use their authorized wireless devices. For example, if
employees receive laptops, they need to understand the acceptable usage and responsibilities of
wireless networking. If an employee receives a wireless inventory device, he or she needs to
understand how to properly protect, access, and store that device.
http://www.pcicomplianceadvisor.com/
If you would like more information about our PCI DSS compliance service, please use the Contact Us page or give us a call. |