
PCI DSS – security controls for CDE

  • 11.5 – File Integrity monitoring on all servers (System32 files, Web server files)
  • 10 – Collection of Windows Security log and IIS logs
  • 10 – Collection of IDS/IPS/WAF logs
  • 10.5 – Analysis of the logs (SIEM)
  • 5 – Antivirus
  • 6.2 – Windows Updates and regular patching of third-party software
  • 2 – Hardening of all servers and network devices
  • 2 – Hardening of the Hypervisor (12.9 – Service Provider to maintain this requirement)
  • 1 – Restrictive firewall rules
  • 1.1.1, 6.4.5 – Change management (firewall changes and software updates)
  • 4 – Encrypted transmission of CHD
  • 6 – Secure software development (written policy for secure software development, training for secure software development,
  • 11.4 – IDS/IPS
  • 6.6 – Web Application Firewall (WAF)
  • 8.1 – Individual User Accounts for all staff accessing the CDE
  • 8.1, 8.2 – Password policy on all servers and devices in CDE
  • 8.3 – Two factor authentication for remote access (for administrators)
  • 8.6 – Second factor auth. must not be shared between admins
  • 9.1 – Physical access controls (locked, authenticated physical access OR CCTV overlooking the cabinets with 90 days of storage)
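The first item, file integrity monitoring (11.5), comes down to a signed baseline of file hashes and a periodic comparison against it. The following script is an added example, not code from the original post or from any PCI DSS tooling; it is generic rather than Windows-specific, and the directory layout in `demo()` (a fake `a.dll`, `sub/b.txt`, `c.exe` in a temporary folder) is constructed here to stand in for a System32 or web-root tree.

```python
"""Minimal file integrity monitor: build a SHA-256 baseline, then diff."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its hash."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def save_baseline(baseline, out_path):
    """Persist the baseline; in production store it off-host or read-only."""
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_path):
    return json.loads(Path(in_path).read_text())


def compare(baseline, current):
    """Report files that appeared, vanished, or changed content since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.dll").write_bytes(b"original library")
        (root / "sub").mkdir()
        (root / "sub" / "b.txt").write_bytes(b"config")

        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")  # would normally live elsewhere

        # Simulate an unauthorised change, a dropped file, and a deleted file.
        (root / "a.dll").write_bytes(b"tampered library")
        (root / "c.exe").write_bytes(b"unexpected binary")
        (root / "sub" / "b.txt").unlink()

        current = build_baseline(root)
        current.pop("baseline.json", None)  # ignore our own artefact
        return compare(load_baseline(root / "baseline.json"), current)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical points the script leaves to the operator: the baseline file must be rebuilt (and the change ticketed, per 1.1.1/6.4.5) whenever a patch cycle legitimately alters System32 or the web root, and it should be stored where a compromised server cannot rewrite it, otherwise the monitor only ever confirms the attacker's state.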
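Requirement 10 asks for IIS logs to be collected and 10.5 for them to be analysed; a SIEM rule is only as good as the parsing underneath it. This added example (not from the original post, not a SIEM vendor's rule) reads IIS W3C-format lines using the `#Fields:` header rather than fixed column positions, and flags client IPs with repeated failed authentications. The log lines, IP addresses and the threshold of five failures are constructed for the example.

```python
"""Parse IIS W3C log lines and flag repeated authentication failures per client IP."""
from collections import defaultdict

# Constructed sample log: one client fails six times, another once then succeeds.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus time-taken
2024-01-15 10:00:01 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 15
2024-01-15 10:00:02 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 12
2024-01-15 10:00:03 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 11
2024-01-15 10:00:04 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 14
2024-01-15 10:00:05 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 13
2024-01-15 10:00:06 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 Mozilla/5.0 401 2 10
2024-01-15 10:01:00 10.0.0.5 POST /login.aspx - 443 - 198.51.100.7 Mozilla/5.0 401 2 20
2024-01-15 10:01:09 10.0.0.5 POST /login.aspx - 443 jsmith 198.51.100.7 Mozilla/5.0 200 0 40
2024-01-15 10:02:00 10.0.0.5 GET /index.html - 443 - 192.0.2.44 Mozilla/5.0 200 0 5
"""


def parse_iis(text):
    """Return one dict per record, keyed by the names in the #Fields: directive."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header can change mid-file; honour the latest
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # malformed or truncated record: skip rather than misalign columns
        rows.append(dict(zip(fields, parts)))
    return rows


def failed_auth_by_ip(rows, statuses=("401", "403")):
    """Count responses with an auth-failure status per client IP."""
    counts = defaultdict(int)
    for row in rows:
        if row.get("sc-status") in statuses:
            counts[row["c-ip"]] += 1
    return dict(counts)


def flag_bruteforce(rows, threshold=5):
    """Client IPs at or above the failure threshold, sorted for stable output."""
    return sorted(ip for ip, n in failed_auth_by_ip(rows).items() if n >= threshold)


if __name__ == "__main__":
    records = parse_iis(SAMPLE_LOG)
    print(f"{len(records)} records parsed")
    print("failures per IP:", failed_auth_by_ip(records))
    print("flagged:", flag_bruteforce(records))
```

The same structure carries over to the Windows Security log (event ID, account, source address) once the records are in key/value form; a real SIEM rule would also bound the count to a time window and whitelist known scanners so that a single vulnerability-scan run does not page the on-call engineer.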