This presentation highlights the elements of PCI, the anatomy of a payment flow and the role of SonicWALL in the PCI ecosystem. This PowerPoint is suitable for external audiences, such as partners.
Steps to Prepare for Compliance: Report of Compliance (ROC).
Problem - Pain Point - Product

Each row pairs a customer problem question with the pain point it exposes, the SonicWALL product or feature that addresses it, and the resulting benefit.

Row 1
Problem Question: How concerned are you about Rogue Access Points (RAP)?
Pain Point: Finding RAPs connected to the network. (Req. 11)
SonicWALL Product/Feature: SonicOS, SonicPoints and GMS
SonicWALL Benefit: Single appliance option for RAP detection

Row 2
Problem Question: Would you like to throttle unauthorized merchant activity and increase store site productivity?
Pain Point: Non-business traffic is killing the pipe while legitimate business traffic suffers. (Req. 2)
SonicWALL Product/Feature: Application intelligence control
SonicWALL Benefit: Policy-based block/restrict throttles CHD traffic with bandwidth management

Row 3
Problem Question: How difficult do you find it to maintain consistent policy control across your protected CHD environment?
Pain Point: Maintaining unified policies, controlling access and avoiding orphaned policies and security gaps.
SonicWALL Product/Feature: GMS - Policy management
SonicWALL Benefit: Easily create security policies and enforce them at the global, group or unit level.

Row 4
Problem Question: How are you mitigating your exposure to web-facing vulnerabilities?
Pain Point: Protect against XSS, CSRF, SQL injection, etc. (Req. 6.6)
SonicWALL Product/Feature: WAF
SonicWALL Benefit: Integrated WAF protection with DPI

Row 5
Problem Question: How do you limit scope and protect CHD in transit?
Pain Point: Network segmentation
SonicWALL Product/Feature: SonicOS (PortShield, Zones)
SonicWALL Benefit: Integrated segmentation of CHD
Wireless also gives you the opportunity to offer Internet access to your customers. It can be offered as a free service to attract more customers into restaurants, or perhaps offered as a revenue-generating service on its own. If you’re thinking about setting up hotspot Internet access in your restaurants, you already know it is important to keep your wireless guests out of your private POS network. SonicWALL wireless solutions do this by creating a separate wireless network segment for guests which only allows access to the Internet while sealing off the rest of the POS network.
Finally, no security solution is effective if it remains static. The Internet is an incredibly dynamic environment, with new threats emerging every day. Your security solution must be dynamic as well to keep pace with the ever-changing threat environment. It is important to monitor and maintain your protection, whether you do it yourself or outsource it to your preferred IT service provider. Remotely monitoring systems and keeping them up-to-date with SonicWALL management systems will help you address a number of requirements, such as 2, 5, 6, 10, and 11. Adam: How has your staff remotely logged in to systems to make sure they're up-to-date?
Question: As a Level 2, 3 or 4 merchant with external facing IP(s), what needs to be submitted to an acquirer in order to be PCI Compliant? (Answer all that apply)

- SAQ
- Attestation of Compliance
- Results of PCI scan with a passing grade from an ASV
- Report of Compliance (ROC) is optional

Answer: Submit the SAQ, evidence of a passing scan (if applicable), and the Attestation of Compliance, i.e. a passing PCI scan from an ASV, along with any other requested documentation, to an acquirer. A Report of Compliance (ROC) is only required for a Level 1 merchant. A QSA is not required for a Level 2, 3 or 4 merchant. Scanning does not apply to all merchants. It is required for Validation Types 4 and 5, that is, those merchants with external facing IP addresses. Basically, if a merchant electronically stores cardholder information or if its processing systems have any Internet connectivity, a quarterly scan by an ASV is required.