Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or test system components, these changes can make a mess out of your rule sets. It’s so easy for someone to unintentionally request an “any” rule which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.
Does managing your PCI scope feel like you’re herding cats or trying to nail jell-o to a tree? If you don’t have a handle on your scope, achieving or maintaining PCI DSS Compliance is next to impossible.
Through our Ultimate Guide On How To Manage PCI DSS Requirement Frequencies, we’ll walk you through each requirement area and show you what the specific requirement frequencies are, why they have a frequency, and we’re going to share our best practices on how to create sustainable processes so that you can maintain PCI DSS Compliance without pulling your hair out.
When I was in training for my PCI ISA certification in 2012, I heard the instructor say, “and remember, the DSS requirements loop.” As someone brand new to the world…