Overview
In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, UIT PCI Compliance Services has established a formal policy and supporting procedures for having a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone. This policy is to be implemented immediately. It will be evaluated on an annual basis to ensure its adequacy and relevance to UIT-PCI Compliance Services’ needs and goals.
Policy
UIT-PCI Compliance Services will ensure that the personal firewall software on any mobile PCI computers adheres to the following conditions for purposes of complying with the Payment Card Industry Data Security Standards (PCI DSS) initiatives (PCI DSS Requirements and Security Assessment Procedures):
- Personal firewall software is required for all mobile devices that connect to the Internet (for example, laptops used by employees) when outside the company network, and which are also used to access the company network. (Req. 1.4).
- Specific configuration settings are defined for personal firewall software. (Req. 1.4).
- Personal firewall software is to be configured to actively run on all such devices. (Req. 1.4).
- Personal firewall software is to be configured so that it is not alterable by users of mobile devices. (Req. 1.4).
Responsibility for Policy Maintenance
UIT’s PCI Compliance service is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.