Unit 2 Assignment PCI DSS and the Seven Domains
Jose J Delgado
PCI DSS and the Seven Domains
YieldMore's network must have its current configuration and policies brought up to the PCI DSS standard, which can be found at: https://www.pcisecuritystandards.org/security_standards/documents.php?agreements=pcidss&association=pcidss
To reach compliance, a basic compliance plan has been created so that YieldMore's systems and the customer cardholder data they handle are protected during the reconfiguration. Software and hardware used will be checked against the PCI SSC's published lists of validated products to confirm they are approved. The network plan must meet these minimum requirements before a compliance assessment is performed.
*Note: If a third party hosts the payment process, that provider must maintain its own PCI DSS compliance and be able to show evidence of it. YieldMore still remains responsible for managing the provider and for the compliance of any cardholder data it handles itself (PCI DSS Requirement 12.8).
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall
-In reference to the previous network plan (U1A1), a firewall will be placed at the LAN-to-WAN boundary and in front of the System/Application Domain to protect the internal network, and the cardholder systems in particular, from external threats. Inbound and outbound rules will be restricted to only the traffic those systems require. (LAN/WAN Domain & System/Application Domain)
Requirement 2: Do not use vendor-supplied defaults, such as default passwords
-In reference to the previous network plan (U1A1), Active Directory (AD) and Group Policy Objects (GPOs) will be created and maintained for the internal network. Vendor default accounts and passwords will be changed or disabled on every system before it is deployed, and a GPO will enforce the username and password policy for remote users as well. (System/Application Domain)
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
-Policies will be implemented and documented covering how cardholder data stored in the company database is secured: the PAN must be rendered unreadable wherever it is stored (for example by truncation or strong encryption), and sensitive authentication data such as the full magnetic stripe, card verification code and PIN must never be stored after authorization. (System/Application Domain & LAN Domain & Remote Access Domain)
Requirement 4: Encrypt transmission of cardholder data across open, public networks
-TLS (HTTPS) will be applied to all online transactions. SSL and early TLS versions no longer count as strong cryptography under PCI DSS, so the web servers will be configured to accept only current TLS versions and strong cipher suites. The connection will stay encrypted from the user's login through every page of the session until sign-out, and the session cookie will only ever be sent over the encrypted connection. (System/Application Domain & LAN Domain & Remote Access Domain)
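The following is an added example, not part of the original assignment or of any YieldMore system, showing the application-side mechanics behind "encrypted from login until sign-out". It is a hypothetical minimal WSGI middleware (`RequireTLS`, the host name `shop.example`, the `login_app` and the request environments are all constructed for the example): plaintext HTTP requests are redirected to HTTPS, every HTTPS response carries a Strict-Transport-Security header, and any Set-Cookie header is given the Secure and HttpOnly flags so the session token is never sent over an unencrypted connection. The protocol and cipher configuration of the TLS listener itself (TLS version, cipher suites) is server configuration and is not shown here.

```python
"""Added example: keep the whole authenticated session on TLS.

Hypothetical WSGI middleware, not the assignment's own code. Assumes
the WSGI server sets wsgi.url_scheme correctly (if TLS terminates at
a load balancer you must map a trusted X-Forwarded-Proto header
onto it before this middleware runs).
"""
from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"  # one year


def _is_https(environ):
    """True when the request arrived over TLS according to the server."""
    return environ.get("wsgi.url_scheme", "http").lower() == "https"


def _harden_cookie(value):
    """Add Secure and HttpOnly to a Set-Cookie value if they are missing."""
    attrs = [a.strip() for a in value.split(";") if a.strip()]
    lowered = {a.lower() for a in attrs}
    if "secure" not in lowered:
        attrs.append("Secure")
    if "httponly" not in lowered:
        attrs.append("HttpOnly")
    return "; ".join(attrs)


class RequireTLS:
    """Redirect plaintext requests to HTTPS and harden HTTPS responses."""

    def __init__(self, app, host):
        self.app = app
        self.host = host  # canonical HTTPS host to redirect to

    def __call__(self, environ, start_response):
        if not _is_https(environ):
            # Plaintext request: do not serve content, send the client
            # to the same path on HTTPS.
            path = quote(environ.get("PATH_INFO", "/"))
            qs = environ.get("QUERY_STRING", "")
            location = f"https://{self.host}{path}" + (f"?{qs}" if qs else "")
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hardened_start_response(status, headers, exc_info=None):
            new_headers = []
            for name, value in headers:
                if name.lower() == "set-cookie":
                    value = _harden_cookie(value)
                new_headers.append((name, value))
            # Tell the browser to use HTTPS for this host from now on.
            new_headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, new_headers, exc_info)

        return self.app(environ, hardened_start_response)


def login_app(environ, start_response):
    """Constructed stand-in for the shop's login page: issues a session cookie."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [b"logged in"]


def run_request(app, environ):
    """Call a WSGI app with a constructed environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = RequireTLS(login_app, "shop.example")
    # Constructed requests: one over plaintext HTTP, one over HTTPS.
    http_env = {"wsgi.url_scheme": "http", "PATH_INFO": "/login",
                "QUERY_STRING": "next=%2Fcart"}
    https_env = {"wsgi.url_scheme": "https", "PATH_INFO": "/login",
                 "QUERY_STRING": ""}
    for env in (http_env, https_env):
        status, headers, body = run_request(app, env)
        print(status, headers, body)
```

The redirect on the plaintext request means a user who types the shop address without `https://` never gets a page, let alone a login form, over HTTP; the Secure flag on the cookie means that even a later plaintext request from the same browser cannot carry the session token; HSTS makes the browser upgrade such requests itself.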