Excerpt from: IT Compliance
December 12, 2007

PCI Compliance Deadline for Level 2 Vendors Made Easy with 5 Tips

Change control experts advise Level 2 merchants on how to ease the Dec 31 PCI compliance deadline

If you are a Level 2 merchant, you know there is a big PCI compliance deadline out there, making December 31 seem like yesterday. Read the 5 tips below, as outlined in our recent press release; they may be able to help you out.

TIP 1: Delegate and Designate. Assign a specific person to research and lead the charge to ensure your organization is addressing the PCI compliance requirements. This person will serve as the central point of contact for assessors, vendors and internal personnel responsible for enabling processes and technology.

TIP 2: Do the Documentation. Conduct an internal audit of your existing physical and information technology (IT) security infrastructure, documenting the security solutions currently deployed throughout the IT environment. This documentation will save your organization time and money and serves as a helpful tool before you begin working with an approved Qualified Security Assessor (QSA) to verify compliance.

TIP 3: Rely on the Reliable. Use an approved QSA that has experience with companies of similar size. This will ensure the assessment is done as quickly and efficiently as possible. Also, when looking to deploy new technologies, it is valuable to leverage solutions that are part of the PCI Security Vendor Alliance (www.pcialliance.org).

TIP 4: Implement the Important. Prioritize the deployment of solutions that will ensure your organization is meeting the more complex requirements first. For example, requirements 10 (track and monitor all access to network resources and cardholder data) and 11 (regularly test security systems and processes) are the least-satisfied requirements according to independent research. These requirements specify the use of a file integrity monitoring solution. Be sure to use a real-time change and configuration audit solution that can automatically document "who" is making a change, "what" is being changed, "when" a change was made, and "how" a change was made on the infrastructure. This helps validate a merchant's security posture quickly and easily.
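As an added illustration, not code from the original post or from any product it mentions, the baseline-and-compare core of the file integrity monitoring that Requirements 10 and 11 call for: hash and record every file, then report "what" changed and "how" (content, permissions, addition, removal) with a timestamp. The sample file tree and the actor label are constructed assumptions; attributing "who" reliably in practice comes from OS audit data, not from a parameter the checker is handed.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Record sha256 and permission bits for every regular file under root.
    Recording the mode means a chmod with identical content is still caught."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            state[str(p.relative_to(root))] = {
                "sha256": digest,
                "mode": oct(p.stat().st_mode & 0o777),
            }
    return state


def diff_snapshots(baseline: dict, current: dict, actor: str) -> list:
    """Return one audit event (who / what / when / how) per changed path."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old == new:
            continue  # unchanged: no event
        if old is None:
            how = "added"
        elif new is None:
            how = "removed"
        elif old["sha256"] != new["sha256"]:
            how = "content modified"
        else:
            how = f"mode {old['mode']} -> {new['mode']}"
        when = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
        events.append({"who": actor, "what": rel, "when": when, "how": how})
    return events


def demo() -> list:
    """Constructed scenario: baseline a small tree, make four kinds of change, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("db_host=localhost\n")
        (root / "etc" / "stale.conf").write_text("old\n")
        (root / "bin" / "run.sh").write_text("#!/bin/sh\necho ok\n")
        (root / "bin" / "run.sh").chmod(0o755)
        baseline = snapshot(root)
        (root / "etc" / "app.conf").write_text("db_host=10.0.0.5\n")  # content change
        (root / "etc" / "stale.conf").unlink()                         # removal
        (root / "etc" / "new.conf").write_text("debug=true\n")          # addition
        (root / "bin" / "run.sh").chmod(0o777)                         # permission-only change
        # "who" is a constructed label here; a real FIM takes it from audit data
        return diff_snapshots(baseline, snapshot(root), actor="change-ticket-0001")
```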

TIP 5: Look Beyond PCI. Since you are already doing the work, ensure that the new programs and solutions implemented are also helping improve overall business efficiency. While PCI compliance may be the driving factor, it should not be the only factor when evaluating new solutions. For instance, look for a solution that is preventative as well as detective to help sustain continuous compliance after systems and configurations have been established and secured.

by
Erin Swanson
Eswanson@solidcore.com

