PCI Requirement 5.1.1 – Ensure Anti-Virus Programs are Capable of Detecting, Removing, and Protecting Against Malware

by Randy Bartels / February 7, 2023

It’s crucial that your organization can protect itself from all types and forms of malicious software, including viruses, Trojans, worms, spyware, adware, and rootkits. PCI Requirement 5.1.1 requires that your organization’s anti-virus program is capable of three things: detecting all known types of malware, removing all known types of malware, and protecting against all known types of malware. Some solutions perform whitelisting, which prevents malware from ever running in the first…

PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems

by Randy Bartels / February 7, 2023

There are more people than you think looking to harm your environment. We used to see viruses created just for the sake of creating viruses. Nowadays, organizations are attacked by software that is specifically written for their environment, probably by somebody who has knowledge of their environment. Your organization should take every precaution possible to prevent a potential attack; this is why PCI Requirement 5 states that all systems need…

PCI Requirement 4.3 – Ensure Security Policies and Procedures are Known to all Affected Parties

by Randy Bartels / February 7, 2023

PCI Requirement 4 states, “Encrypt transmission of cardholder data across open, public networks.” We’ve covered cryptography standards, wireless networks, and end-user messaging technologies to help prepare you to meet this requirement. Complying with PCI Requirement 4 will help prevent your organization from being a target of malicious individuals who exploit the vulnerabilities in misconfigured or weakened wireless networks. But it’s not enough just to learn and talk about these things;…

PCI Requirement 4.2 – Never Send Unprotected PAN by End-User Technologies

by Randy Bartels / February 7, 2023

If there are situations within your organization when you need to send or receive emails that contain sensitive cardholder data like Primary Account Numbers (PAN), that is acceptable as long as you’re in compliance with PCI Requirement 4.2. It states, “Never send unprotected PANs by end-user messaging technologies.” This includes email, instant messaging, chat systems, SMS, etc. The purpose of PCI Requirement 4.2 is to protect sensitive information…

PCI Requirement 4.1.1 – Ensure Wireless Network Transmitting CHD or Connected to CDE Uses Strong Encryption

by Randy Bartels / February 7, 2023

Wireless networks are a part of our everyday technology environment. It’s almost impossible to get away from them, be it your cell phone, laptop, watch, tablet, television…the list goes on and on. Wireless networks are extremely prevalent in our culture. Think about how many restaurants you go to that have tableside payment. How does your payment get processed? Over a wireless network. That’s where PCI Requirement 4.1.1 comes into…