Best time to perform PCI compliance activities

What you need to do daily, weekly, quarterly, and, yes, annually to maintain PCI compliance.

Quarterly

11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploy a wireless IDS/IPS to identify all wireless devices in use.

11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).

Weekly

11.5 Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files or content files; and configure the software to perform critical file comparisons at least weekly.

Daily

10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).

12.2 Develop daily operational security procedures that are consistent with requirements in this specification (for example, user account maintenance procedures, and log review procedures).

Immediately

8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use.

8.5.4 Immediately revoke access for any terminated users.

12.3.9 Activation of remote-access technologies for vendors only when needed by vendors, with immediate deactivation after use.

Not specified, but suggest annually

12.8.4 Maintain a program to monitor service providers’ PCI DSS compliance status.

Mike Brunenmeister is a security researcher at SecureState.
