Credit Card Payments – PCI DSS
The PCI DSS security compliance standards for credit card payments require full cyber, physical, and operational measures. The following quotes are taken directly from the latest standards, issued May 2015:
Requirement 1.1: “Establish and implement firewall and router configuration standards… Firewalls and routers are key components of the architecture that controls entry to and exit from the network. These devices are software or hardware devices that block unwanted access and manage authorized access into and out of the network. Configuration standards and procedures will help to ensure that the organization’s first line of defense in the protection of its data remains strong.” Firewalls must protect your system monitoring traffic as well as your networked power and environmental monitoring systems.
Requirement 9: “Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted… Criminals attempting to gain physical access to sensitive areas will often attempt to disable or bypass the monitoring controls. Sensitive areas refer to any data center, server room or any area that houses systems that store, process, or transmit cardholder data.”
“Tie all access control and monitoring systems to an Uninterruptible Power Source (UPS).” In addition, almost all POS servers include a UPS as a standard component. Maintaining and monitoring all UPS systems is critical to ensuring the integrity of all credit card data.
Inherent in the PCI DSS standards is the need to maintain an environment that maximizes network equipment uptime. This includes proper cooling and environmental controls for all areas in which cardholder data is transported or stored.