
Posts Tagged ‘pci’

How INetU Can Help You Achieve PCI Compliance Bliss

November 18th, 2009 by Jason B.

The PCI Council introduced the PCI version 1.2.1 specification earlier this year, and a lot of clarification has been done so that the specification makes more sense; however, there is still a lot of help needed in deciphering exact needs and next steps. Face it: it all comes down to what you have to do to be compliant. Well, a managed host can offload some of that confusion. At INetU, we can work with you and provide guidance on the 12-section PCI specification. Here is a nice little overview of how INetU can help you on your way to PCI compliance.

Requirement 1 – This requirement deals with the overall security of the network topology, including items like routers, switches, and firewalls. The overall security policy and implementation of those devices are key. INetU can work with you to build a strong rule set for your managed firewall, and we can secure the network topology with segmentation to encompass your servers here. The rest of INetU’s network infrastructure outside your environment is covered via INetU’s PCI Level 1 Service Provider compliance.

Requirement 2 – This requirement deals with securing the devices/systems. Items like removing default vendor supplied passwords, strong configuration standards, and encrypting administrative access are key here. INetU provides a strong configuration standard, based on NIST and SANS requirements, that includes changing default passwords. INetU can also provide VPN capable firewalls so that administrative access to your servers is encrypted.

Requirement 3 – This requirement deals with protection of the cardholder data that can be stored on your servers. INetU can provide good guidelines on how to handle such information, as well as tools to check for this type of data on your servers and whether it meets the correct requirements. A lot of these requirements are best practices for securing data. INetU can not only work with you on best practices and options for key management, but also help decipher some of the specifics in this requirement.

Read the full post »

INetU Managed Hosting joins PCI Security Standards Council as newest Participating Organization

August 5th, 2009 by INetU

INetU Managed Hosting, an enterprise managed hosting provider, announced today that it has joined the PCI Security Standards Council as a new participating organization. As a Participating Organization, INetU will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.

The PCI DSS, endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity. More information on the council and the standard can be found at www.pcisecuritystandards.org

As a Participating Organization, INetU will now have access to the latest payment card security standards from the Council, be able to provide feedback on the standards and become part of a growing community that now includes more than 500 organizations. In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an entity’s best protection against data criminals. By joining as a Participating Organization, INetU is adding its voice to the process.

Read the full news article here: INetU Managed Hosting joins PCI Security Standards Council as newest Participating Organization

Demystifying PCI’s 12 Requirements

May 20th, 2009 by Jason B.

As you begin the journey to PCI compliance, you might feel a little overwhelmed with all of the steps and requirements involved. That’s why I’ve written this guide to break the PCI DSS into small, digestible chunks. If you understand the 12 basic requirements as an overview, and understand how they protect your customers, the rest of the pieces fall easily into place.

Obligatory disclaimer: You should always consult a QSA for how PCI requirements apply to your environment and what is required for you to become PCI compliant.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

This requires you to not only properly segment your network to control who and what has access to cardholder data, but also to maintain this segment via regular audits and testing. Remember that your data is only as secure as the people who have access to it.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Read the full post »

INetU & Trustwave Partner to Provide Hosted Security Services for PCI DSS and HIPAA Compliance

May 14th, 2009 by INetU

INetU Managed Hosting and Trustwave have partnered to deliver a security program for merchants seeking compliance with the PCI DSS, HIPAA, and other standards in a managed hosting environment. Together, INetU’s industry-leading managed hosting services and Trustwave’s managed security solutions put merchants who engage both companies in an excellent position to validate compliance with the PCI DSS and other regulatory standards. The new security program provides … [full news article here]

If you have specific compliance needs, also consider the following resources:

