This is the second blog in a 12-part series addressing each PCI DSS requirement and the challenges companies face in meeting it. Our earlier post in the series covers Requirement 1.
I like to refer to this requirement as the Change Your Defaults requirement. The focus is on the configuration standards and secure function of your devices within your CDE.
PCI DSS Requirement 2 states: “Do not use vendor-supplied defaults for system passwords and other security parameters.” The basis of this requirement is to make sure you are not running with the default settings that are commonly known to attackers. Vendor defaults are documented across the internet on countless sites available to anyone.
Companies that require PCI compliance face some challenges within this requirement. Here are 3 examples of familiar challenges that we see related to PCI Requirement 2:
These challenges add more to the plate of the personnel responsible, but they should be viewed as a benefit to the overall IT security posture of the company. Documentation is an all too common theme throughout the PCI requirements. Some may view this as a fruitless exercise, but to the PCI world it is extremely important and greatly helps your quality of life and work. As an IT or security professional, think of the scenario where you are on vacation at the beach and the phone rings. Panic is heard on the other end of the line from one of your co-workers looking for which server is the payment gateway for your CDE and what the IP address of that box is. Having that information documented and readily available can ensure you are quickly back to your cooler on the beach!
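As an added example (not code from the original post or its authors), the small Python audit below shows the two Requirement 2 habits discussed here working together: a written configuration standard that every in-scope device is checked against (vendor-default accounts and SNMP community strings still in use, clear-text management services left enabled), and a CDE inventory that answers the "which box is the payment gateway, and what is its IP?" question without anyone having to remember it. The inventory, the configuration standard and every "vendor default" value in it are constructed placeholders for illustration, not real vendor defaults.

```python
"""Configuration-standard and CDE-inventory check in the spirit of PCI DSS Req. 2.

Everything below (device names, IPs, owners, "default" values) is constructed
for this example and stands in for whatever your vendors actually ship.
"""
from dataclasses import dataclass, field

# Constructed configuration standard: what every in-scope device must satisfy.
CONFIG_STANDARD = {
    # Account names the (hypothetical) vendor creates out of the box.
    "vendor_default_admin_accounts": {"admin", "vendor-default-user"},
    # SNMP community strings the (hypothetical) vendor ships with.
    "vendor_default_snmp_communities": {"default-community"},
    # Management services that must be disabled (clear-text protocols).
    "forbidden_services": {"telnet", "http"},
    # Documentation fields every CDE asset must have filled in.
    "required_documentation": ("role", "ip", "owner"),
}


@dataclass
class Device:
    """One row of the CDE asset inventory plus its current configuration."""
    hostname: str
    role: str = ""
    ip: str = ""
    owner: str = ""
    admin_accounts: set = field(default_factory=set)
    snmp_community: str = ""
    enabled_services: set = field(default_factory=set)


def check_device(dev: Device, standard: dict = CONFIG_STANDARD) -> list:
    """Return a list of human-readable findings for one device (empty = compliant)."""
    findings = []
    # Req. 2: vendor-supplied accounts still present means defaults were not changed.
    for acct in sorted(dev.admin_accounts & standard["vendor_default_admin_accounts"]):
        findings.append(f"{dev.hostname}: vendor-default admin account '{acct}' still present")
    # Req. 2: SNMP community string is one of the documented vendor defaults.
    if dev.snmp_community in standard["vendor_default_snmp_communities"]:
        findings.append(f"{dev.hostname}: SNMP community string is a vendor default")
    # Req. 2: unnecessary / insecure services left enabled.
    for svc in sorted(dev.enabled_services & standard["forbidden_services"]):
        findings.append(f"{dev.hostname}: insecure service '{svc}' enabled")
    # Documentation: the "phone call from the beach" is only short if this is filled in.
    for attr in standard["required_documentation"]:
        if not getattr(dev, attr):
            findings.append(f"{dev.hostname}: missing documented {attr}")
    return findings


def audit(inventory: list, standard: dict = CONFIG_STANDARD) -> dict:
    """Run check_device over the whole inventory; maps hostname -> findings."""
    return {dev.hostname: check_device(dev, standard) for dev in inventory}


def find_by_role(inventory: list, role: str) -> list:
    """Answer 'which device is the <role>?' straight from the inventory."""
    return [dev for dev in inventory if dev.role.lower() == role.lower()]


# Constructed sample inventory: one clean device and two with deviations.
SAMPLE_INVENTORY = [
    Device("pay-gw-01", role="payment gateway", ip="10.0.5.10", owner="payments-team",
           admin_accounts={"pciadmin"}, snmp_community="site-specific-ro-string",
           enabled_services={"https", "ssh"}),
    Device("core-fw-01", role="firewall", ip="10.0.5.1", owner="",
           admin_accounts={"admin", "netops"}, snmp_community="default-community",
           enabled_services={"https", "ssh"}),
    Device("legacy-sw-02", role="", ip="10.0.5.20", owner="netops",
           admin_accounts={"netops"}, snmp_community="site-specific-ro-string",
           enabled_services={"telnet", "ssh"}),
]

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY).items():
        print(host, "->", findings or "compliant")
    for dev in find_by_role(SAMPLE_INVENTORY, "payment gateway"):
        print("payment gateway:", dev.hostname, dev.ip, "owner:", dev.owner)
```

Running the script lists the firewall's unchanged vendor account, its default SNMP community and its missing owner, the legacy switch's enabled telnet and missing role, and resolves the payment gateway to `pay-gw-01` at `10.0.5.10`. In practice the inventory would be loaded from your asset register and the standard from the configuration standards document the requirement asks you to maintain; the point is that both checks run from the same documented source of truth.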
These challenges are just some of the areas within the PCI requirements where many of our clients struggle. Another area where our clients experience challenges is keeping track of the various requirements that must be completed on a quarterly, semi-annual, and annual basis for PCI compliance. Therefore, we created our PCI Compliance checklist, one for service providers and one for merchants. This simple, easy-to-use checklist gives you the PCI requirements, what you must do to achieve and maintain compliance, and how often you need to complete each requirement.