cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
936
Views
4
Helpful
6
Replies

PCI Implementation

sivajipit
Level 1
Level 1

Hi,

Can u please guide me the how to setup Payment Card Industry.What are the security products are required and how to implement those products .

Waiting for your reply.

Regards

Sivaji.P

6 Replies 6

bmcgloth
Cisco Employee
Cisco Employee

Here is the link to the PCI solution Design guide. It lists Products and what PCI requirements they address as well as how to configure them.

http://www.cisco.com/web/strategy/retail/pci_imp.html

cgallup
Level 1
Level 1

Hire a consultant

I am just finishing the PCI security upgrade for Charming Shoppes

www.chrisgallup.com

Chris

I just had this dropped in my lap last week and told we have to be PCI compliant before January 1st. Do you think that is feasible? I'm not a security expert but I am the Infrastructure guy.

If you are talking about Jan 1, 2008 and your company is just now starting,it does not sound feasible to me.

Of course, it depends on many factors, like the size of your company, your existing policy and the existing configurations of your infrastructure.

But, based on your note, I would say your company has identified a red flag.

mpipkin
Level 1
Level 1

I think one of the first things you need to do is download the PCI Self Assessment and PCI DSS. then, depending on what policies, processes, procedures, documentation you have, make a decision as to whether you want to set out alone remediating. If your company is big and you have a long ways to go, I would suggest getting a partner to assist in remediation. We decided to do the remediation ourselves but we contracted with a company to give us a roadmap.

As far as the actual security products needed, there is nothing specifically named. It is more of a set of guidelines for minimum functionality. basically, if you go through the DSS, you can start to carve out what products will work for you in each area. I think that process took us longer than anything.

You really need a good assesment/audit from a 3rd party organization that is PCI certified. Like Fishnet or ISS and I'm sure there are others as well.

You will not be ready by Jan 1 of 2008..not even close. Your first step is to find out what you need to remediate and this is best done by a PCI audit.

ISS actually did our audit and helped write a document stating what failed and how we will resolve this issues. We were also granted time to get into compliance.