PCI-DSS Requirement 10: Configuration Port Security

March 26, 2012

By Tom Kearns

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate a broad adoption of consistent data security measures globally. PCI-DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It is a comprehensive standard that is intended to help organizations proactively protect customer account data.

PCI-DSS Version 2.0, Requirement 10 covers tracking and monitoring of all access to network resources and cardholder data. The intent of this requirement rests on the premise that logging mechanisms and the ability to track privileged user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. This includes all actions taken by any individual with root or administrative privileges on configuration ports.

My IT operations customers often struggle with the intent of this requirement as it relates to providing highly privileged access through configuration ports. Since configuration ports are, by default, the emergency access point for every IT device, they are critical for improving mean time to repair (MTTR). Common vendor names for these types of ports are iLO2 (HP), DRAC (Dell), ALOM, ILOM (Sun/Oracle) and CIMC (Cisco).

For a discussion of privileged access to configuration ports and the significant threat they pose in relation to the intent of PCI-DSS Version 2.0, Requirement 10, see our whitepaper on this subject at: /whitepaper-pci-requirement-10-configuration-ports

ConsoleWorks provides a comprehensive solution for tracking, monitoring, analyzing and alerting on actions taken by individuals with administrative privileges, as required by PCI-DSS V2.0, Requirement 10.

About author:

Pam Johnson is the Director of Solutions Marketing for TDi Technologies in Plano, TX. Her role at TDi Technologies allows her to work with customers to learn about and help solve business problems. She received her B.S. in Engineering Technology from Cameron University and has pursued graduate courses towards an M.B.A. at the University of Texas at Dallas. Since graduation, she has held various positions in engineering, product marketing and direct sales.
