PCI DSS Requirement 1.1.4 | Description of Groups, Roles, and Responsibilities


PCI DSS Requirement 1.1.4, "Description of groups, roles, and responsibilities for logical management of network components", is yet another example of having documented policies and procedures in place to ensure PCI DSS compliance. Remember, PCI DSS Requirement 12, titled "Maintain a Policy that Addresses Information Security for Employees and Contractors", is NOT the only area where you need to develop documented policies and procedures. Sprinkled throughout the PCI DSS 1.2 requirements are words and phrases that directly or indirectly relate to having documented policies and procedures in place. Thus, to meet PCI DSS Requirement 1.1.4, you need a formalized, documented policy and procedure for the individuals responsible for firewall and router configuration standards. Those responsibilities will generally also cover most other supporting network "system components" and devices, such as routers, switches, and other devices not mentioned. This documented policy and procedure should be merged into your organization's overall corporate security policy document, which is part of PCI DSS Requirement 12.

To learn more about the Payment Card Industry Data Security Standards and becoming PCI DSS compliant, please contact NDB, Advisory.