Cisco Payment Card Industry Compliance Services


PCI Data Security Standard: Protecting Consumers, Protecting You

The PCI Data Security Standard affects all types of businesses that process credit card transactions, including:
- Restaurants, retail establishments, casinos, and hotels
- Financial, insurance, and healthcare businesses
- Universities and state agencies

The PCI Data Security Standard was developed by major credit card companies to protect cardholder data. Complying with the standard helps merchants to:
- Better safeguard their customers' personal data
- Enhance security posture
- Reduce business risk

The PCI Data Security Standard includes 12 requirements that support 6 objectives:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy

Cisco Payment Card Industry Compliance Services

Help achieve Payment Card Industry compliance and stay compliant by identifying and remediating compliance gaps.

Service Overview

PCI Compliance

If your business stores, processes, or transmits credit card data, it needs to adhere to the Payment Card Industry (PCI) Data Security Standard. This standard requires all companies that process credit card transactions to establish adequate controls to protect cardholder data and to audit their networks, policies, and processes.

Addressing PCI Compliance Challenges and Business Risks

The road to achieving compliance and staying compliant includes three steps:
1. Understand what your organization needs to do to achieve compliance.
2. Remediate issues and deploy a compliant solution.
3. Maintain, manage, and optimize that solution.

Supporting Your Efforts to Achieve and Maintain Compliance

Cisco PCI Compliance Services support your efforts to achieve PCI compliance and stay compliant through four services:
- Cisco PCI Gap Analysis Service: Assess your network relative to the PCI Data Security Standard
- Cisco PCI Remediation Service: Address and close compliance gaps as needed
- Cisco PCI Remote Monitoring and Management Service: Rapidly identify threats
- Cisco PCI Periodic Gap Analysis Service: Proactively identify potential gaps and risks

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Cisco PCI Gap Analysis Service

PCI gap analysis assesses the current state of your network relative to the PCI Data Security Standard through a combination of interviews and automated network assessment. It provides high-level recommendations for network mitigation to improve alignment with the standard. (See Table 1.)

Table 1. Cisco PCI Gap Analysis Service,, and Deliverables

The Cisco PCI Gap Analysis Service helps you to:
- Accelerate the identification of gaps relative to the PCI Data Security Standard.
- Prevent additional, time-consuming planning cycles by proactively identifying potential gaps and risks.

Gap analysis
- Gather information about your current PCI infrastructure, security policies, customer data, security protection mechanisms, and other relevant factors by interviewing staff and stakeholders onsite or remotely.
- Identify compliance gaps relative to the PCI Data Security Standard.
- Gather and analyze your device configurations using manual processes and automated tools.

Deliverables
- PCI compliance report detailing gaps between your current environment and the PCI Data Security Standard and recommended changes to close the gaps

Cisco PCI Remediation Service

The scope of this service varies depending on the results of the Cisco PCI Gap Analysis Service and your decisions about which remediation activities you prefer to do yourself. Scope may include development of a high-level design, low-level solution design, and PCI solution implementation and test plans, as well as support for implementation and testing. (See Table 2.)

Table 2. Cisco PCI Remediation Service,, and Deliverables

Cisco PCI Remediation Service helps you to:
- Increase network security by aligning hardware and software releases, features, and functionality with PCI Data Security Standard specifications.
- Improve deployment team and operations staff proficiency by providing continuous knowledge exchange throughout service delivery.
- Mitigate the risk of network downtime and of costs from potential rework and speed implementation and migration of new security solutions and technologies through time-tested design methodologies.
- Prioritize your remediation strategy and more effectively budget by providing a detailed PCI solution implementation plan.

PCI solution high-level design development
- Review the gap analysis findings in the PCI compliance report.
- Develop a high-level design for a solution that can help remediate gaps identified in the PCI compliance report.
- Explore alternative solution options and document their relative advantages and disadvantages.

PCI solution low-level design development
- Gather detailed requirements and develop a low-level design specification through collaborative design sessions with your staff.

Deliverables
- High-level design specification
- Low-level design specification

PCI solution implementation plan development
- Document step-by-step instructions to implement the low-level design.

PCI ready-for-use test plan development
- Review applicable low-level design specification
- Identify critical stability, availability, and performance requirements for production of test case.
- Define and document test scripts, deployment scripts, and rollback procedures according to your change and release management processes.

PCI implementation support
- Support solution implementation in accordance with the solution implementation plan, onsite and/or remotely.

PCI ready-for-use test
- Test the implementation in accordance with the ready-for-use test plan.

PCI solution transfer of information
- Provide an informal training workshop and knowledge transfer to improve your staff's understanding of:
  - The solution design and the changes that were made in your environment
  - How to support and manage the solution in your efforts to remain PCI compliant

- PCI solution implementation plan
- PCI ready-for-use test plan that can be used during implementation to validate deployment success and acceptance criteria
- PCI ready-for-use test result report for your approval

Cisco PCI Remote Monitoring and Management Service

Be better positioned to protect your networked assets by proactively identifying vulnerabilities and incidents. We can monitor, manage, and report on service-level metrics and abnormal events or trends that might adversely affect the availability, capacity, performance, and security of your system relative to the PCI Data Security Standard. (See Table 3.)

Table 3. Cisco PCI Remote Monitoring and Management Service,, and Deliverables

The Cisco PCI Remote Monitoring and Management Service helps you to proactively protect assets against new and existing threats through rapid incident identification.

PCI remote management
- Identify and assess vulnerabilities.
- Manage vulnerability remediation.
- Identify, manage, and report changes to security device baseline security standards using configuration-management and change-management processes.

Internet vulnerability scanning
- Scan your company's websites to identify security weaknesses and vulnerabilities within web-based applications that process credit card information.

PCI compliance remote monitoring
- Monitor network and security devices, endpoints, log management, and endpoint security solutions to rapidly identify incidents.
- Regularly test security systems and processes.

Cisco PCI Periodic Gap Analysis Service

Periodic gap analysis identifies and measures changes that have occurred within your environment since its original PCI gap analysis or most recent periodic gap analysis. If changes have occurred that could affect your PCI compliance status, we can provide services to support remediation, configuration management, and change management. (See Table 4.)

Table 4. Cisco PCI Periodic Gap Analysis Service,, and Deliverables

The Cisco PCI Periodic Gap Analysis Service helps you to prevent additional, time-consuming planning cycles by proactively identifying potential gaps and risks.

Quarterly or semiannual incremental gap analysis
- Identify and measure changes that might have occurred within your network environment since the original gap analysis or since the last quarterly gap analysis.

PCI remediation plan update
- Review the gap analysis findings in the periodic PCI compliance gap analysis report.
- Recommend remediation measures.

Testing and policy alignment
- Periodically test security systems and processes for alignment with your security policy.
- Support alignment of your security policy with the PCI Data Security Standard.

Deliverables
- PCI compliance report detailing gaps between your current environment and the PCI Data Security Standard and recommending changes to close the gaps
- Updated remediation plan

Why Cisco Services

Cisco Services make networks, applications, and the people who use them work better together. Today, the network is a strategic platform in a world that demands better integration between people, information, and ideas. The network works better when services, together with products, create solutions aligned with business needs and opportunities.

The unique Cisco Lifecycle approach to services defines the requisite activities at each phase of the network lifecycle to help ensure service excellence. With a collaborative delivery methodology that joins the forces of Cisco, our skilled network of partners, and our customers, we achieve the best results.

The Cisco Lifecycle Services Approach

- Prepare: Develop a business case for a technology investment
- Plan: Assess readiness to support proposed solution
- Plan: Create a detailed design to address business and technical requirements
- Optimize: Achieve operational excellence through ongoing improvements
- Operate: Maintain network health through day-to-day operations
- Implement: Deploy new technology

Cisco and Partner Expertise

Cisco security engineers and Cisco Security Specialized Partners are among the industry's elite in providing integrated, collaborative, adaptive solutions. Cisco security engineers typically hold one or more Cisco and security certifications and have deployed, secured, operated, and optimized the performance of many of the largest and most successful networks in the world. Through their access to the deep engineering expertise of the business units that create Cisco products and solutions, Cisco security engineers are able to support you in deploying a solution that is consistent with Cisco product roadmaps.

Cisco Security Specialized Partners are recognized for their expertise in designing, installing, and supporting comprehensive, integrated network security solutions. Service activities for the implementation phase of the network or solution lifecycle are delivered primarily through Cisco Security Specialized Partners. However, for technologies and applications that are relatively new, Cisco can perform service activities in conjunction with these partners. Cisco transfers knowledge to broaden and deepen the expertise of our channel partners and your staff.

Cisco PCI Compliance Services help you to:
- Prevent additional, time-consuming planning cycles by rapidly and proactively identifying potential gaps and risks relative to the PCI Data Security Standard.
- Increase network security by aligning hardware and software releases, features, and functionality with PCI Data Security Standard specifications.
- Improve deployment team and operations staff proficiency by providing continuous knowledge exchange throughout service delivery.
- Mitigate the risk of network downtime and of costs from potential rework and speed implementation and migration of new security solutions and technologies through time-tested design methodologies.
- Prioritize your remediation strategy and more effectively budget by providing a detailed remediation plan.
- Proactively protect assets against new and existing threats through rapid incident identification.

Availability and Ordering Information

Cisco PCI Compliance Services are available globally. Service delivery details might vary by region.

For More Information

Cisco has created PCI-validated architectures that can help financial services firms reduce complexity and expenses by providing a robust platform for securely expanding your network and supporting PCI compliance in the agency office, contact center, web and data center. For more information, visit http://www.cisco.com/web/strategy/financial/insurance.html.

For more information about Cisco Security Services, visit http://cisco.com/go/services/security or contact your local account representative.

Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R) C78-569995-00 11/09