Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
4
Helpful
6
Replies

PCI Implementation

sivajipit
Level 1
Level 1

‎05-21-2007 11:17 PM - edited ‎03-09-2019 06:01 PM

Hi,

Can u please guide me the how to setup Payment Card Industry.What are the security products are required and how to implement those products .

Waiting for your reply.

Regards

Sivaji.P

Labels:
0 Helpful
6 Replies 6

bmcgloth
Cisco Employee
Cisco Employee

‎05-22-2007 09:38 AM

Here is the link to the PCI solution Design guide. It lists Products and what PCI requirements they address as well as how to configure them.

http://www.cisco.com/web/strategy/retail/pci_imp.html

cgallup
Level 1
Level 1

‎09-20-2007 05:27 AM

Hire a consultant

I am just finishing the PCI security upgrade for Charming Shoppes

www.chrisgallup.com

Chris

0 Helpful

qbakies11
Level 1
Level 1
In response to cgallup

‎12-10-2007 01:08 PM

I just had this dropped in my lap last week and told we have to be PCI compliant before January 1st. Do you think that is feasible? I'm not a security expert but I am the Infrastructure guy.

0 Helpful

chjanoff
Cisco Employee
Cisco Employee
In response to qbakies11

‎12-10-2007 03:20 PM

If you are talking about Jan 1, 2008 and your company is just now starting,it does not sound feasible to me.

Of course, it depends on many factors, like the size of your company, your existing policy and the existing configurations of your infrastructure.

But, based on your note, I would say your company has identified a red flag.

0 Helpful

mpipkin
Level 1
Level 1

‎12-11-2007 12:09 PM

I think one of the first things you need to do is download the PCI Self Assessment and PCI DSS. then, depending on what policies, processes, procedures, documentation you have, make a decision as to whether you want to set out alone remediating. If your company is big and you have a long ways to go, I would suggest getting a partner to assist in remediation. We decided to do the remediation ourselves but we contracted with a company to give us a roadmap.

As far as the actual security products needed, there is nothing specifically named. It is more of a set of guidelines for minimum functionality. basically, if you go through the DSS, you can start to carve out what products will work for you in each area. I think that process took us longer than anything.

0 Helpful

pplsi
Level 1
Level 1
In response to mpipkin

‎12-26-2007 11:33 AM

You really need a good assesment/audit from a 3rd party organization that is PCI certified. Like Fishnet or ISS and I'm sure there are others as well.

You will not be ready by Jan 1 of 2008..not even close. Your first step is to find out what you need to remediate and this is best done by a PCI audit.

ISS actually did our audit and helped write a document stating what failed and how we will resolve this issues. We were also granted time to get into compliance.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents