- Contact Us
This will be the first blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through the process of becoming compliance with the PCI Data Security Standard.
I like to call this requirement the Defending of the Wall. It focuses on the protection of the cardholder data environment (CDE) perimeter and not letting the bad guys in to steal cardholder’s data.
Let’s start with an overview. PCI DSS Requirement 1 states that the entity must “Install and maintain a firewall configuration to protect cardholder data.” This seems straight forward, make sure you have a firewall within your CDE and configure it in a way to protect access in and out of that environment. In other words, build walls around your CDE castle to protect anyone from getting in. This requirement focuses on the firewalls, routers, the personnel responsible and the proper configuration and documentation of these devices.
Companies that require PCI Compliance face some challenges within this requirement. Here are 3 examples of common challenges that we see related to PCI Requirement 1:
These challenges add more to the plate of the personnel responsible but should be viewed as a benefit to the overall IT Security posture of the company. Having the documentation in place not only supports the PCI Compliance of the company but ensures that this critical information isn’t just stored in someone’s brain. Being aware of these challenges is a solid step in construction of the walls you need to protect your CDE and comply.
These challenges are just some of the areas within the PCI DSS requirements that many of our client’s face. Another area where our client’s experience challenges is keeping track of the various requirements that must be completed on a quarterly, semi-annual, and annual basis for PCI Compliance. This is why we created our PCI Compliance checklist, one for service providers and one for merchants. This simple, easy to use checklist gives you the PCI requirements, what you must do to achieve/maintain compliance, and how often you need to complete each requirement. To download your copy today, click on the button below!
Stay tuned for the beginning of February where we will cover PCI Requirement # 2 - The Use of Vendor Supplied Defaults