0
603views
PCI - Key IT Requirements Summary
1 Answer
written 5.2 years ago by |
Systems must be "hardened" to industry standards (SANS, NIST, or CIS)
a) Patch operating systems and software
b) Disable unnecessary services.
c) Change default and vendor passwords and accounts.
Firewalls are required, and there are specific policies required for DMZ to Internal, and Internal to External traffic, with both ingress and egress filters.