PCI Training for PointOS Resellers

PointOS, updated September 28, 2010


Page 1: PCI Training for PointOS Resellers

PointOS
Updated September 28, 2010

Page 2: Introduction

Purpose of this training

Page 3: What is PCI / PA-DSS?

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Page 4: What actions are resellers and integrators responsible for?

All installations of PointOS must be reviewed for PCI Compliance under the guidelines set forth in this document and the PointOS Implementation Guide.

Page 5: The PA-DSS Implementation Guide

This document is available on our website at http://www.pointos.com/pci.

Page 6: The Requirements

Please review the following requirements.

Page 7: PA-DSS 1.1.4

PA-DSS Topic: Delete sensitive authentication data stored by previous payment application versions.

Customer/reseller Responsibility: Delete any historical data per the PA-DSS Implementation Guide and PA-DSS Requirement 1.1.4.

Page 8: PA-DSS 1.1.5

PA-DSS Topic: Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application.

Customer/reseller Responsibility: Troubleshoot any problems per the PA-DSS Implementation Guide and PA-DSS Requirement 1.1.6.a.

Page 9: PA-DSS 2.1

PA-DSS Topic: Purge cardholder data after customer-defined retention period.

Customer/reseller Responsibility: Purge cardholder data exceeding customer-defined retention period.

Page 10: PA-DSS 2.7

PA-DSS Topic: Delete cryptographic key material or cryptograms stored by previous payment application versions.

Customer/reseller Responsibility: Delete any historical cryptographic material per the PA-DSS Implementation Guide and PA-DSS Requirement 1.1.5.

Page 11: PA-DSS 3.1

PA-DSS Topic: Use unique user IDs and secure authentication for administrative access and access to cardholder data.

Customer/reseller Responsibility: Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1 and 8.2.

Page 12: PA-DSS 3.2

PA-DSS Topic: Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications.

Customer/reseller Responsibility: Establish and maintain unique user IDs and secure authentication per the PA-DSS Implementation Guide and PCI DSS Requirements 8.1, 8.2, and 8.5.8–8.5.15.

Page 13: PA-DSS 4.2

PA-DSS Topic: Implement automated audit trails.

Customer/reseller Responsibility: Establish and maintain PCI DSS-compliant logs per the PA-DSS Implementation Guide and PCI DSS Requirement 10.

Page 14: PA-DSS 6.1

PA-DSS Topic: Securely implement wireless technology.

Customer/reseller Responsibility: For wireless implemented into the payment environment by customers or resellers/integrators, install a firewall per the PA-DSS Implementation Guide and PCI DSS Requirement 2.1.1.

Page 15: PA-DSS 6.2

PA-DSS Topic: Secure transmissions of cardholder data over wireless networks.

Customer/reseller Responsibility: For wireless implemented into the payment environment by customers or resellers/integrators, use secure encrypted transmissions per the PA-DSS Implementation Guide and PCI DSS Requirement 4.1.1.

Page 16: PA-DSS 9.1

PA-DSS Topic: Store cardholder data only on servers not connected to the Internet.

Customer/reseller Responsibility: Establish and maintain payment applications so that cardholder data is not stored on Internet-accessible systems, per the PA-DSS Implementation Guide and PCI DSS Requirement 1.3.4.

Page 17: PA-DSS 10.1

PA-DSS Topic: Securely deliver remote payment application updates.

Customer/reseller Responsibility: Receive remote payment application updates from vendor securely, per the PA-DSS Implementation Guide and PCI DSS Requirements 1, 1.3.9, and 12.3.9.

Page 18: PA-DSS 11.2

PA-DSS Topic: Implement two-factor authentication for remote access to payment application.

Customer/reseller Responsibility: Establish and maintain two-factor authentication for remote access to payment application, per the PA-DSS Implementation Guide and PCI DSS Requirement 8.3.

Page 20: PA-DSS 11.3

PA-DSS Topic: Securely implement remote access software.

Customer/reseller Responsibility: Use remote access security features if you allow remote access to payment applications, per the PA-DSS Implementation Guide and PA-DSS Requirement 11.3.b.

Page 21: PA-DSS 12.1

PA-DSS Topic: Secure transmissions of cardholder data over public networks.

Customer/reseller Responsibility: Establish and maintain secure transmissions of cardholder data, per the PA-DSS Implementation Guide and PCI DSS Requirement 4.

Page 22: PA-DSS 12.2

PA-DSS Topic: Encrypt cardholder data sent over end-user messaging technologies.

Customer/reseller Responsibility: Encrypt all PANs sent with end-user messaging technologies, per the PA-DSS Implementation Guide and PCI DSS Requirement 4.2.

Page 23: PA-DSS 13.1

PA-DSS Topic: Encrypt non-console administrative access.

Customer/reseller Responsibility: Encrypt all non-console administrative access, per the PA-DSS Implementation Guide and PCI DSS Requirement 2.3.

Page 24: Questions

Please direct any questions to [email protected].