PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum  


Requirement A.1: Hosting providers protect cardholder data environment

As referenced in Requirement 12.8, all service providers with access to cardholder data (including hosting providers) must adhere to the PCI DSS. In addition, Requirement 2.4 states that hosting providers must protect each entity’s hosted environment and data. Therefore, hosting providers must give special consideration to the following:

Posted by admin (Administrator), 03-18-2007, 03:51 AM

A.1.4 Enable processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider.

A.1.4 Verify the shared hosting provider has written policies that provide for a timely forensics investigation of related servers in the event of a compromise.
All times are GMT -4.


All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest ©1997 - 2010 by PCIDSSFAQ.ORG, except where noted otherwise.