The PCI specified controls for network devices help build and maintain a secure network. The standard requires measures to be taken to restrict access to confidential data/system components and monitoring of these network devices. One complication that administrators face is that the standard defines the “what,” but not the “how” of implementing these controls. In networks of multiple critical network devices, the lack of knowledge or policy enforcement results in employees leaving the door open for attacks.
Are you struggling to understand and implement the controls required to restrict access to cardholder data using routers and switches? How are you tracking, accessing and testing these controls?
Share your thoughts and let’s discuss among our fellow geeks.