PCI Pro Tip: Configuration Standards


The PCI DSS requires that an organization have configuration standards for the devices that make up its infrastructure, such as firewalls, routers, load balancers, switches and servers. That includes devices that exist virtually as well as those that exist physically.

For virtual infrastructure such as that in the cloud, an issue we run into is that the organization relies on the cloud provider to have that configuration standard. For software as a service (SaaS), that might be the case (you would need to check your responsibility matrix), but for all other cloud instances, it is always the responsibility of the customer to have that standard. As a result, the assessor typically finds that the organization does not have configuration standards for virtual devices.

This gets worse when the assessor asks for configuration standards for the hypervisor environment. Whether it is VMware, Xen, VM Server or Hyper-V, the PCI DSS requires a configuration standard for the software that creates the virtual environment. While this is covered by all cloud providers in their PCI assessments, it is for the in-house virtual environments that assessors need configuration standards. It is not unusual for assessors to find that the in-house hypervisor environment does not have a configuration standard that was followed in deploying the hypervisor.

The next issue an assessor encounters is that there are standards, but only for new devices, not for the older devices the organization also uses. It is not unusual for configuration standards to be available for the current release of Cisco IOS, Windows Server or Red Hat Enterprise Linux, while the standards for older versions are no longer stored. As a result, it is impossible for the assessor to determine whether older versions are configured to the last configuration standard used for those versions.

The key takeaways ahead of your PCI assessment are:

· Do not get rid of those configuration standards for older devices and systems until the last one goes out the door, and
· Make sure you have all the configuration standards for every type and version of infrastructure in use, not just current types and versions.

For more information or questions on Configuration Standards or PCI DSS, contact Auditwerx today!
