Cisco Support Community

New Member

PCI Implementation

Hi,

Can you please guide me on how to set up Payment Card Industry? What security products are required and how do we implement those products?

Waiting for your reply.

Regards

Sivaji.P

6 REPLIES
Cisco Employee

Re: PCI Implementation

Here is the link to the PCI solution Design guide. It lists Products and what PCI requirements they address as well as how to configure them.

http://www.cisco.com/web/strategy/retail/pci_imp.html

New Member

Re: PCI Implementation

Hire a consultant

I am just finishing the PCI security upgrade for Charming Shoppes

www.chrisgallup.com

Chris

New Member

Re: PCI Implementation

I just had this dropped in my lap last week and told we have to be PCI compliant before January 1st. Do you think that is feasible? I'm not a security expert but I am the Infrastructure guy.

Cisco Employee

Re: PCI Implementation

If you are talking about Jan 1, 2008 and your company is just now starting, it does not sound feasible to me.

Of course, it depends on many factors, like the size of your company, your existing policy and the existing configurations of your infrastructure.

But, based on your note, I would say your company has identified a red flag.

New Member

Re: PCI Implementation

I think one of the first things you need to do is download the PCI Self Assessment and PCI DSS. Then, depending on what policies, processes, procedures, and documentation you have, make a decision as to whether you want to set out alone remediating. If your company is big and you have a long way to go, I would suggest getting a partner to assist in remediation. We decided to do the remediation ourselves but we contracted with a company to give us a roadmap.

As far as the actual security products needed, there is nothing specifically named. It is more of a set of guidelines for minimum functionality. Basically, if you go through the DSS, you can start to carve out what products will work for you in each area. I think that process took us longer than anything.

New Member

Re: PCI Implementation

You really need a good assessment/audit from a 3rd party organization that is PCI certified, like Fishnet or ISS, and I'm sure there are others as well.

You will not be ready by Jan 1 of 2008, not even close. Your first step is to find out what you need to remediate and this is best done by a PCI audit.

ISS actually did our audit and helped write a document stating what failed and how we will resolve these issues. We were also granted time to get into compliance.
