PCI Requirement 2.2 – Develop configuration standards for all system components

by Randy Bartels / December 22, 2022

Developing Configuration Standards After Industry Best Practices System configuration standards are the proper configuration of system components like networks, servers, and applications. PCI Requirement 2.2 ensures that organizations configure their systems to fix security vulnerabilities. There are two parts that need to be completed in order to comply with PCI Requirement 2.2. First, PCI Requirement 2.2 directs organizations to, “Develop configuration standards for all system components.” Your hardening and configuration…

Read More

PCI Requirement 2.1.1 – Change all Wireless Vendor Defaults

by Randy Bartels / December 22, 2022

Hardening Your Wireless Network Similar to the parent requirement, PCI Requirement 2.1, PCI Requirement 2.1.1 focuses on changing vendor-supplied defaults. PCI Requirement 2.1.1, though, relates to all wireless environments. If you’re using a wireless network or device that’s within scope of the PCI DSS, you must ensure that you change all wireless vendor defaults upon installation. You must also ensure that all security-related functions and features are enabled and that…

Read More

PCI Requirement 2.1 – Always Change Vendor-Supplied Defaults

by Randy Bartels / December 22, 2022

Why should you change vendor-supplied defaults? Vendor-supplied accounts and passwords pose a serious threat to your organization's security. Although defaults might make installation or even support easier, PCI Requirement 2.1 instructs service organizations to change vendor-supplied defaults because it is pretty simple for hackers to find the vendor-supplied information needed to attack and exploit your system. PCI Requirement 2.1 states, “Always change vendor-supplied defaults and remove or disable unnecessary default…

Read More