PCI DSS Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Requirement Addressed
2.2 System configurations and default tracking
Develop
configuration standards for all system components. Assure that these
standards address all known security vulnerabilities and are consistent with
industry-accepted system hardening standards
There are known weaknesses with many operating systems, databases, and enterprise applications, and there are also known ways to configure these systems to fix security vulnerabilities. Solutions need to be put in place that can help identify vulnerabilities and configuration deltas on systems. |
2.4
Maintain an inventory of in scope components for PCI.
Inventory of hardware and software must be maintained - including a description of each component’s function, and interviewing personnel to verify that the inventory is current. |
Solution Features
| > Intrusion Detection (IDS) / Intrusion Prevention (IPS) Strongly Recommended Detects and blocks network intrusion and other hacks by cyber-criminals. |
> Systems configuration and default tracking. - Keep endpoint configurations in check by finding vulnerable applications in the enterprise. - Control the execution of software. - Track changes to system configurations and allow only approved services and software to run according to the policy established for each endpoint. - Detect in real time what is executing in your environment so you can better protect company assets and measure compliance risk at any time. - Track users and configuration changes on databases. - Database audit and configuration change monitoring. |
Contact us today to discuss your requirements in more detail.
P: +44(0)7714 209927
S: +44(0)1273 329753
| 
info@securenetconsulting.co.uk
|