0 Replies Latest reply on Apr 15, 2011 5:42 AM by fcaron

    Interested in using or contributing to the PCI-Palooza? Start here!

    fcaron

      The kick-off of this initiative was in this NCM compliance: join the PCI-Palooza!. Read all about it, especially how to win a FREE tee shirt!

      From here, there are 2 main areas:

      The discussion forum, where you can ask questions about hardening your favorite vendor / OS

      It is organized per Vendor and OS. You can create a new discussion in this area.

      See this table for a recap of the discussions created so far

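      | Vendor  | OS      | Link to discussion                                   | Comments |
      |---------|---------|------------------------------------------------------|----------|
      | Cisco   | IOS     | Cisco-IOS hardening and testing for NCM PCI-Palooza  |          |
      | Cisco   | ACE     | See discussion                                       |          |
      | Cisco   | ASA     | See discussion                                       |          |
      | Cisco   | IDS     | See discussion                                       |          |
      | Juniper | Junos   | See discussion                                       |          |
      | Dell    | Dell-OS | See discussion                                       |          |
      | RSA     | IDS     | See discussion                                       |          |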

      The content where users post the PCI content created so far.

      It is organized per requirement of the PCI DSS standard (read the PCI DSS document here)

      | PCI requirement covered | Link to content | Comments |
      |-------------------------|-----------------|----------|
      | Requirement 1: Install and maintain a firewall configuration to protect cardholder data | Download | |
      | Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters | PCI-V2.0-2.2 Develop Configuration Standards .xml | |
      | Requirement 3: Protect stored cardholder data | | |
      | Requirement 4: Encrypt transmission of cardholder data across open, public networks | | |
      | Requirement 5: Use and regularly update anti-virus software or programs | | |
      | Requirement 6: Develop and maintain secure systems and applications | | |
      | Requirement 7: Restrict access to cardholder data by business need to know | | |
      | Requirement 8: Assign a unique ID to each person with computer access | | |
      | Requirement 9: Restrict physical access to cardholder data | | |
      | Requirement 10: Track and monitor all access to network resources and cardholder data | | |
      | Requirement 11: Regularly test security systems and processes | | |
      | Requirement 12: Maintain a policy that addresses information security for all personnel | | |