So, you’ve been alerted to failures of critical security controls. What do you do next? PCI Requirement 10.8.1 requires that you respond to failures of any critical security controls in a timely manner. If you don’t, attackers can take the opportunity to infect your systems.
Your organization’s policies and procedures should outline the expected response to failures, which includes:
- How to restore security functions
- How to identify and document the duration of the security failure
- How to identify and document cause(s) of failure, including root cause, and document remediation required to address root cause
- How to identify and address any security issues that arose during the failure
- How to perform a risk assessment to determine whether further actions are required as a result of the security failure
- How to implement controls to prevent the cause of failure from recurring
- How to resume the monitoring of security controls
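A practical way to satisfy the “identify and document the duration” step is to watch for gaps in a control’s own heartbeat or status log and turn each gap into a written failure record with the fields the procedure above calls for. The following is an added example, not code from the original article or from the PCI standard; the control name `av-agent`, the log format, and the five-minute heartbeat interval are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: status lines emitted every five minutes by a
# hypothetical critical security control ("av-agent"). The 90-minute gap
# between 09:10 and 10:40 represents the control being down.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z av-agent heartbeat ok
2024-03-01T09:05:00Z av-agent heartbeat ok
2024-03-01T09:10:00Z av-agent heartbeat ok
2024-03-01T10:40:00Z av-agent heartbeat ok
2024-03-01T10:45:00Z av-agent heartbeat ok
"""

HEARTBEAT_INTERVAL = timedelta(minutes=5)   # assumed reporting cadence
# A silence longer than two missed heartbeats is treated as a control failure.
FAILURE_THRESHOLD = 2 * HEARTBEAT_INTERVAL


def parse_heartbeats(text, control):
    """Return the sorted timestamps of successful heartbeats for one control."""
    times = []
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) >= 4 and parts[1] == control
                and parts[2] == "heartbeat" and parts[3] == "ok"):
            times.append(datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"))
    return sorted(times)


def find_failures(times, threshold=FAILURE_THRESHOLD):
    """Find every gap between consecutive heartbeats that exceeds the threshold.

    The failure window runs from the last known-good heartbeat to the first
    heartbeat after restoration, so the duration is an upper bound: the
    control may have died any time after the last good heartbeat.
    """
    failures = []
    for prev, cur in zip(times, times[1:]):
        gap = cur - prev
        if gap > threshold:
            failures.append({"last_ok": prev, "restored": cur, "duration": gap})
    return failures


def failure_record(control, failure, root_cause, remediation,
                   issues_during_failure, further_action_required):
    """Build the documentation record the response procedure asks for.

    Each field maps to one bullet of the required response: duration,
    root cause and remediation, issues that arose, the risk-assessment
    outcome, and confirmation that monitoring has resumed.
    """
    return {
        "control": control,
        "failure_start": failure["last_ok"].isoformat(),
        "restored": failure["restored"].isoformat(),
        "duration_minutes": int(failure["duration"].total_seconds() // 60),
        "root_cause": root_cause,
        "remediation": remediation,
        "issues_during_failure": issues_during_failure,
        "further_action_required": further_action_required,
        "monitoring_resumed": True,
    }


if __name__ == "__main__":
    for f in find_failures(parse_heartbeats(SAMPLE_LOG, "av-agent")):
        # Cause and remediation are filled in by the responder; these are
        # constructed placeholder values for the demonstration.
        print(failure_record("av-agent", f,
                             root_cause="PLACEHOLDER: determined by investigation",
                             remediation="PLACEHOLDER: fix applied",
                             issues_during_failure=[],
                             further_action_required=False))
```

The threshold of two missed heartbeats avoids raising a failure for a single late report, but it also means a real outage is only noticed after roughly ten minutes; tune it to the cadence of the control being watched and the response time your policy promises.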
PCI Requirement 10.8.1 is an additional requirement for service providers only.
As part of that review, if any of the systems that detect that you might be hacked fails, you are required to have appropriate measures in place to react immediately, bringing those systems back online to protect your environment. You must have a program in place for detecting the failure of the critical systems that detect that you’ve been compromised.