Friday, September 11, 2009

Thoughts on PCI DSS

Of the Ten Common Myths of PCI DSS, Myth 4 is surely the one most in need of debunking. Indeed, PCI compliance in and of itself will not make you secure. If an organization is to ensure compliance AND security, there must be a "continuous process of audit and remediation."

As one who has worked in change control, I can appreciate the fact that quite a number of PCI requirements pertain to this area.

Perhaps the most important command you can use on a router is "wri mem" (short for "write memory", which copies the running configuration to the start-up configuration) - to save any changes you have made. It is nice to see the importance of this concept (saving your work) memorialized in PCI DSS:

PCI DSS Requirements
1.2.2 Secure and synchronize router configuration files.

Testing Procedures
Verify that router configuration files are secure and synchronized—for example, running configuration files (used for normal running of the routers) and start-up configuration files (used when machines are re-booted), have the same, secure configurations.
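As an added example (not part of the original post or of the PCI DSS text), the following Python script shows one way to automate the 1.2.2 testing procedure: it normalizes the text of a router's running and start-up configurations, reports any drift between them, and checks each against a small hardening baseline. The two configuration texts, the hostname, the address, and the "enable secret" hash are constructed sample data, not output from a real device; the baseline lines are assumptions chosen for illustration and would be replaced by an organization's own standard.

```python
"""Check that a router's running and start-up configurations are synchronized
and meet a baseline (a PCI DSS 1.2.2-style audit step).

Constructed example data: the two configs below imitate Cisco IOS
"show running-config" / "show startup-config" output and are made up.
"""
import difflib
import re

RUNNING_CONFIG = """\
Building configuration...

Current configuration : 1234 bytes
!
! Last configuration change at 10:15:02 UTC Fri Sep 11 2009
!
version 12.4
service password-encryption
hostname edge-rtr-1
!
enable secret 5 $1$EXAMPLE$placeholderhash
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
no ip http server
line vty 0 4
 transport input ssh
!
end
"""

# The start-up copy has not been saved since two insecure settings were removed.
STARTUP_CONFIG = """\
Using 1200 out of 262144 bytes
!
! Last configuration change at 09:30:44 UTC Thu Sep 10 2009
!
version 12.4
service password-encryption
hostname edge-rtr-1
!
enable secret 5 $1$EXAMPLE$placeholderhash
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
ip http server
line vty 0 4
 transport input telnet ssh
!
end
"""

# Header and comment lines that legitimately differ between the two copies
# and must not be reported as drift.
VOLATILE = (
    re.compile(r"^Building configuration"),
    re.compile(r"^Current configuration"),
    re.compile(r"^Using \d+ out of \d+ bytes"),
    re.compile(r"^! Last configuration change"),
    re.compile(r"^!\s*$"),
)

# Assumed baseline: lines that must be present / must not appear.
REQUIRED_LINES = ("service password-encryption", "enable secret ")
FORBIDDEN_LINES = ("ip http server", "transport input telnet", "enable password ")


def normalize(config):
    """Drop blank and volatile lines and trailing whitespace; keep indentation."""
    lines = []
    for line in config.splitlines():
        line = line.rstrip()
        if not line or any(p.match(line) for p in VOLATILE):
            continue
        lines.append(line)
    return lines


def config_drift(running, startup):
    """Return the '+'/'-' lines of a unified diff from start-up to running config."""
    diff = difflib.unified_diff(normalize(startup), normalize(running),
                                "startup-config", "running-config",
                                lineterm="", n=0)
    return [d for d in diff
            if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]


def is_synchronized(running, startup):
    """True when the two copies are identical apart from volatile lines."""
    return not config_drift(running, startup)


def baseline_findings(config):
    """List baseline violations: required lines missing, forbidden lines present."""
    lines = normalize(config)
    findings = []
    for req in REQUIRED_LINES:
        if not any(l.startswith(req) for l in lines):
            findings.append(f"missing: {req.strip()}")
    for bad in FORBIDDEN_LINES:
        # lstrip so indented interface/line-mode commands are checked too;
        # "no ip http server" does not start with "ip http server", so it passes.
        if any(l.lstrip().startswith(bad) for l in lines):
            findings.append(f"present: {bad.strip()}")
    return findings


if __name__ == "__main__":
    print("synchronized:", is_synchronized(RUNNING_CONFIG, STARTUP_CONFIG))
    for line in config_drift(RUNNING_CONFIG, STARTUP_CONFIG):
        print("  drift:", line)
    print("running baseline:", baseline_findings(RUNNING_CONFIG) or "ok")
    print("startup baseline:", baseline_findings(STARTUP_CONFIG) or "ok")
```

In the sample, the running configuration passes the baseline but the start-up copy still contains the HTTP server and telnet access, so a reboot would silently reintroduce both; that is exactly the gap a "wri mem" after each change, plus a periodic comparison like this one, is meant to close.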
