PCI Assessment

Description of Groups, Roles, and Responsibilities | PCI DSS Requirement 1.1.4

PCI DSS Requirement 1.1.4, "Description of groups, roles, and responsibilities for logical management of network components", is yet another example of needing documented policies and procedures in place to ensure PCI DSS compliance. Remember, PCI DSS Requirement 12, titled "Maintain a Policy that Addresses Information Security for Employees and Contractors", is NOT the only area where you need to develop documented policies and procedures. Sprinkled throughout the PCI DSS 1.2 requirements are words and phrases that directly or indirectly relate to having documented policies and procedures in place. Thus, to meet Requirement 1.1.4, you need a formalized, documented policy and procedure covering the individuals responsible for firewall and router configuration standards, which will generally also include responsibilities for most other supporting network "system components" and devices, such as routers, switches, and other devices not mentioned. This documented policy and procedure should be merged into your organization's overall corporate security policy document, which is part of PCI DSS Requirement 12.

To learn more about the Payment Card Industry Data Security Standards and becoming PCI DSS compliant, please contact NDB Advisory.
