Segmenting a network into a card processing segments and non-card processing segments helps to protect cardholder data and minimize the scope of a Payment Card Industry (PCI) Data Security Audit. The card processing segments must then be carefully monitored and controlled to ensure that only authorized users and devices can connect to the network. Given the highly distributed nature and accessibility of wired and wireless networks within the retail industry, any IP-enabled device must be confirmed before it’s allowed to connect to a retailer’s network. Furthermore, if a device is removed from the network it should trigger an alert.
The simplest way to reduce the scope of a PCI DSS audit is to ensure proper network isolation for the systems that store, process, or transmit cardholder data. Without adequate network segmentation the entire network may be included within the scope of the audit. And no matter what type of segmentation you select, Qualified Security Assessors (QSA’s) regularly need to verify that the cardholder network is properly isolated and validate that every device that’s added/removed from your network is compliant, logged, and recorded. Network Sentry can quickly and easily restrict and audit access to cardholder networks.
Leveraging Network Access Control, merchants can:
- Provision the appropriate level of network access to approved devices and users
- Audit and log the devices that are connecting to the network in real time to demonstrable compliance
- Detect/prevent any rogue IP-enabled device that tries to connect to the retail network
- Recognize when a Point-of-Sale or video camera has been disconnected
- Reduce the scope and cost of the PCI DSS assessment
- Reduce the difficulty of implementing, maintaining, and demonstrating PCI DSS controls
- Reduce the risk to an organization by minimizing network access and exposure
On Demand Webinars