PCI compliance requirement 2: Defaults

DATE: 01 Jun 2009


Diana Kelley and Ed Moyle, co-founders of Security Curve, address PCI compliance requirement 2: "Do not use vendor-supplied defaults for system passwords and other security parameters." PCI compliance requirement 2 calls for:

  • Documentation of a secure configuration, which includes removal of vendor-enabled passwords and unnecessary services
  • Implementation of security features like encryption for administrative connections

Ed and Diana review common PCI questions, including "What should be done about hosting providers?"

Watch the rest of the PCI compliance videos, as the experts continue their advice requirement by requirement.

Editor's note: This video is based on PCI DSS version 1.1. For updated information on the changes in PCI DSS version 1.2, see the following:
