PCI Task Calendar

PCI compliance comprises over 200 individual requirements. Many of the requirements in the PCI DSS must be maintained throughout the year and conducted on a recurring basis. To help your organization stay on top of PCI compliance and be prepared for the next PCI assessment, we have put together a list of key requirements and recurring tasks.

Initial/One Time Tasks

If your business is going through PCI compliance for the first time, these tasks are crucial to becoming PCI compliant and are among the most important PCI tasks:

  • Conduct an initial PCI assessment for all Cardholder Data Environments
  • Install a firewall/UTM device at all connections into the Cardholder Data Environment
  • Segment public Wi-Fi from all corporate networks
  • Develop an Information Security Policy
  • Conduct a PCI risk assessment

Recurring Tasks

Once your business has established a secure network, you need to ensure that it stays that way. This is done by constantly monitoring the status of your network. The following tasks will help your business stay on task for PCI compliance and be prepared for future PCI assessments.

Annual Tasks

  • Review information security policies
  • Conduct internal & external penetration tests
  • Conduct employee security awareness training
  • Complete the Self-Assessment Questionnaire or the on-site PCI assessment
  • Conduct storage media inventory
  • Conduct risk assessment
  • Review & disseminate incident response plan

Semiannual Tasks

  • Review firewall & router configuration
  • Conduct web application security assessment
  • Review workstation/server firewall and antivirus configuration

Quarterly Tasks

  • Conduct and pass an ASV vulnerability scan
  • Conduct internal vulnerability scan
  • Test for rogue wireless access points

Monthly Tasks

  • Update & patch all workstations within the Cardholder Data Environment (CDE)

Daily Tasks

  • Review all CDE system logs (network/server/workstation)

Summary

To help your business stay on task for PCI compliance throughout the year, we have a PCI compliance checklist. Please feel free to download the checklist here and use it. If you need help completing any of the PCI tasks found on the checklist, Aeris Secure can help. We have a qualified staff of PCI QSAs ready to help you with any PCI-related services you might need.

