top of page

PCI DSS Control challenges

Updated: Dec 21, 2020

Suggestion to implement effective and adequate network segmentation to be able to reduce PCI-DSS scope?

  • Do not Mix & create a Mess, Simplify by classifying & segregating systems based on criticality & function.

  • Document all flows to understand the boundaries & dependencies , segregation is the key , segregate based on system handling capabilities .

  • Implement VLAN's & zonal boundaries, restrict traffic flow if required.

  • Move all Management functions if OK to the Inside (internal) network, with reference to e-Commerce restrict all flows inbound & outbound to specifics only.

  • Bi-direction flow & IP sub-net level restrictions will be a better isolation so the scope can be reduced , ensure all restrictions are based on the principles of need to have & need to know basis , just keep what’s required inside PCI zone , rest all can be moved to NON PCI zone or isolated zone .

2. Does PCI-DSS recognize other standards & certificates during the validation/assessment process?

No , this will be an independent Audit focusing on Card holder data . Baseline will be the standard & the controls have to be evaluated fully, other certificates from any other standards cannot shorten the assessment process .

3. How to protect Network Time protocol data?

Use the latest version of NTP . NTP version 3 offers authentication, while Version 4 can support with key pair concept.

4. Best way for Service providers & merchants to be PCI-DSS compliant?

Reduce Scope to the best possible, Manage risk to keep a low appetite, outsource to trusted certified vendors & third party only. If there is no need to store, don't do it . Just avoid higher risk appetite. Accept Risk if there is a need to do so, but ensure risk is very well monitored & contained.

Thank you ... More to publish

20 views0 comments

Recent Posts

See All

802.11 Wi-Fi Architecture

Introduction Wireless networks often extend an existing wired infrastructure. The wired infrastructure may be quite complex to begin with, especially if it spans several buildings in a campus setting.


bottom of page