PCI DSS Requirement 1.1.1: Implementing a Change Control Program

by KirkpatrickPrice / April 18th, 2017

What is PCI Requirement 1.1.1? Your organization needs to ensure that you have the appropriate methods to control any changes into and out of your environment. PCI Requirement 1.1.1 requires, "a formal process for approving and testing all network connections and changes to the firewall and router configurations." The PCI DSS v3.2.1 states that PCI Requirement 1.1.1 exists because, "Without formal approval and testing of changes, records of the changes…

Introduction to PCI DSS Requirement 1

by KirkpatrickPrice / April 18th, 2017

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to do to become compliant. In this episode, Jeff Wilder walks us through PCI Requirement 1. The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by the payment card…

Policies, Procedures, and Standards

by KirkpatrickPrice / April 18th, 2017

We find that most organizations struggle with the documentation aspect of a PCI assessment. Established best practice states, "If it's not written down, it's not happening." Organizations need documented policies, procedures, and standards not only to control risks to business assets, but also to have a common understanding and language that creates consistency across the culture of your organization. Small organizations often question why they need to document how their organization runs, especially if…

Establishing the Scope of Your Cardholder Data Environment

by KirkpatrickPrice / April 18th, 2017

Properly scoping your environment is the most important initial step of becoming PCI compliant. The scope of the Cardholder Data Environment (CDE) determines the extent to which all PCI DSS controls must be in place. If an asset is in scope, all controls will apply. If an asset is not in scope, then there's no concern to PCI. Errors in scoping can lead to serious consequences, so it's important to…

The 12 PCI DSS Requirements

by KirkpatrickPrice / April 18th, 2017

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to do to become compliant.

The 12 PCI DSS Requirements

The PCI DSS was jointly developed by the payment card brands to encourage and enhance cardholder data security and facilitate the broad…