PCI Assessment

NDB Advisory For PCI DSS Requirement 1.1.5, how does an organization best meet this requirement?


Regarding PCI DSS Requirement 1.1.5, "Documentation and business justification for use of all services, protocols, and ports allowed, including...", the keyword is "documentation". Think back to the network diagram/topology documents needed to satisfy PCI DSS Requirement 1.1.2. Along with illustrating a great deal of information about your network, those diagrams are also a sensible place to discuss and document your data flows. If you do this, then your network diagram/topology documents (or at least a side or supporting document) should discuss the services, protocols, and ports necessary for business. In short, the keyword "documentation" for PCI DSS Requirement 1.1.5 requires just that: documenting these items in a policy document. This is yet another example of where your organization will have to spend time and effort developing documentation to satisfy the PCI DSS Requirement 1.1.5.a testing procedures that must be carried out.

PCI DSS 1.1.5.b pushes even further, requiring "documentation" for any insecure services, protocols, and ports used, along with justification for them. It's interesting to note that both PCI Requirement 1.1 and Requirement 1.1.5 in essence give you the opportunity to review your configuration standards to ensure they meet and exceed the requirements for PCI compliance and for your organization's overall business needs. So pull out the pen and paper and start writing these configuration standards down.
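One way to keep that documentation checkable against what the firewall actually allows, shown as an added example that is not from NDB or the PCI DSS itself. The register layout, rule format, field names, finding labels and the list of services treated as insecure are all assumptions, and the data is constructed.

```python
# Added illustration: compare firewall allow rules with a documented register
# of services, protocols and ports. All names and data here are constructed.

# Assumed list of services treated as insecure; align it with your own standard.
INSECURE = {"ftp", "telnet", "pop3", "imap", "snmpv1", "snmpv2"}

# Documented register: (protocol, port) -> service name and business justification.
REGISTER = {
    ("tcp", 443): {"service": "https", "justification": "Customer checkout traffic to web tier"},
    ("tcp", 22): {"service": "ssh", "justification": "Administrative access from jump host"},
    ("tcp", 21): {"service": "ftp", "justification": ""},
    ("udp", 161): {"service": "snmpv2", "justification": "Legacy monitoring of switch stack"},
}

# Constructed allow rules, as they might be exported from a firewall.
RULES = [
    {"name": "web-in", "proto": "tcp", "port": 443},
    {"name": "admin", "proto": "TCP", "port": "22"},
    {"name": "legacy-ftp", "proto": "tcp", "port": 21},
    {"name": "old-telnet", "proto": "tcp", "port": 23},
]

def audit(rules, register, insecure=INSECURE):
    """Return (item, finding) pairs where rules and documentation disagree."""
    findings, seen = [], set()
    for rule in rules:
        key = (rule["proto"].lower(), int(rule["port"]))
        seen.add(key)
        entry = register.get(key)
        if entry is None:
            # Allowed on the firewall but absent from the documentation.
            findings.append((rule["name"], "undocumented"))
        elif not entry.get("justification", "").strip():
            # Documented, but with no business justification recorded.
            weak = entry["service"].lower() in insecure
            findings.append((rule["name"], "insecure-unjustified" if weak else "missing-justification"))
    # Register entries with no matching rule suggest the document is out of date.
    for key in sorted(set(register) - seen):
        findings.append(("%s/%d" % key, "stale-entry"))
    return findings

if __name__ == "__main__":
    for item, finding in audit(RULES, REGISTER):
        print(f"{item}: {finding}")
```
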

To learn more about the Payment Card Industry Data Security Standards and becoming PCI DSS compliant, please contact NDB Advisory.


Send us an email or give us a call at (800) 277-5415 x706

 
