PCI Requirement 2.2.3 – Implement Additional Security Features

by Randy Bartels / December 22, 2022

Why Your Organization Needs To Implement Additional Security Features

Under PCI Requirement 2, which focuses on hardening your organization’s systems and assets, we find PCI Requirement 2.2.3. PCI Requirement 2 is not just about your servers; it’s about any asset within your environment. PCI Requirement 2.2.3 is also about all types of assets within your environment. PCI Requirement 2.2.3 instructs, “Implement additional security features for any required services, protocols, or…

PCI Requirement 2.2.2 – Enable Only Necessary Services, Protocols and Daemons

by Randy Bartels / December 22, 2022

If It's Not Required, Get Rid of It

We believe that the PCI DSS, or really any information security framework, boils down to a simple philosophy: if you do not need it or it is not required, get rid of it. PCI Requirement 2.2.2 directly correlates to this methodology. It directs, “Enable only necessary services, protocols, daemons, etc, as required for the function of the system.” Your business should be…

PCI Requirement 2.2.1 – Implement Only One Primary Function Per Server

by Randy Bartels / December 22, 2022

Finding Cross-Over Between Servers

PCI Requirement 2.2.1 is another requirement focusing on hardening standards. PCI Requirement 2.2.1 states, “Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. Where virtualization technologies are in use, implement only one primary function per virtual system component.” Assessors need to make sure that your systems only have one primary function per…

PCI Requirement 2.2 – Develop configuration standards for all system components

by Randy Bartels / December 22, 2022

Developing Configuration Standards After Industry Best Practices

System configuration standards are the proper configuration of system components like networks, servers, and applications. PCI Requirement 2.2 ensures that organizations configure their systems to fix security vulnerabilities. There are two parts that need to be completed in order to comply with PCI Requirement 2.2. First, PCI Requirement 2.2 directs organizations to, “Develop configuration standards for all system components.” Your hardening and configuration…

PCI Requirement 2.1.1 – Change all Wireless Vendor Defaults

by Randy Bartels / December 22, 2022

Hardening Your Wireless Network

Similar to the parent requirement, PCI Requirement 2.1, PCI Requirement 2.1.1 focuses on changing vendor-supplied defaults. PCI Requirement 2.1.1, though, relates to all wireless environments. If you’re using a wireless network or device that’s within scope of the PCI DSS, you must ensure that you change all wireless vendor defaults upon installation. You must also ensure that all security-related functions and features are enabled and that…