Anyone familiar w/ PCI?

[Cooky]

We need to beef up our network security to be compliant w/ PCI.

Anyone know a good resource to check?
We have a copy of the compliance requirement, but we need a "technical translation" that tells us exactly what we need to do on the network.

For example, some of our reps take credit card info over the phone.
Does it mean we have to encrypt VoIP traffic?
Has anyone successfully encrypted VoIP traffic w/o major problems?

 

[mcmilljb]

Are you talking about this <a target=_blank class=ftalternatingbarlinklarge href="https://www.pcisecuritystandards.org/"><a target=_blank class=ftalternatingbarlinklarge href="https://www.pcisecuritystandards.org/">https://www.pcisecuritystandards.org/</a></a> ?

<a target=_blank class=ftalternatingbarlinklarge href="https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml">https://www.pcisecuritystan......ards/pci_dss.shtml</a> has a list of what you need to be PCI Data Security Standard (PCI DSS) compliant.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

 

[Cooky]

Yes, that's what I'm talking about.

What do you define as "open, public networks"?
Does it refer to WAN and Internet traffic?

We need a way to translate the junk in the guidebook to know exactly what we need to do to be compliant.

 

[mcmilljb]

Originally posted by: Cooky
Yes, that's what I'm talking about.

What do you define as "open, public networks"?
Does it refer to WAN and Internet traffic?

We need a way to translate the junk in the guidebook to know exactly what we need to do to be compliant.

Do a search on Amazon for books on the subject. Plenty of them there.