Security and compliance are big issues in the world of data management and storage, especially as more and more governing agencies set up rules to protect the security of that data. The Payment Card Industry (PCI) has set rules around customer data and the required physical, network, and process security measures for protecting it.
Dedicated Cloud Compute (DCC) has a recommended architecture plan for PCI compliance which ensures that many of the standards for security are met. Below is a table that explains each requirement, along with a list of Lumen products that can contribute to meeting the standard for each requirement.
Requirement Description | Lumen Products & Services | Summary of Customer Responsibilities |
---|---|---|
Requirements 1.1 – 1.5 Install and maintain a firewall configuration to protect cardholder data. | | The customer is responsible for meeting overall compliance standards, regardless of Lumen services purchased. |
Requirements 2.1 – 2.6 Eliminate the use of vendor-supplied defaults for systems passwords and other security parameters. | Lumen installation and operational procedures require all ports, passwords, and security parameters be changed and locked down. | The customer is responsible for meeting overall compliance standards, regardless of Lumen services purchased. |
Requirements 3.1 – 3.7 Cardholder protection methods such as encryption, truncation, masking, and hashing. | Lumen Vormetric Data Encryption to encrypt “data at rest”, with customer-only key access. | |
Requirements 4.1 – 4.3 Encrypt transmission of cardholder data across open, public networks. | Lumen Managed VPN Services for secure access to and from the Cardholder Data Environment (CDE). | |
Requirements 5.1 – 5.4 Protect all systems against malware and regularly update anti-virus software or programs. | All Windows-based operating systems are protected with anti-virus software. | The customer is responsible for meeting overall compliance standards, regardless of Lumen services purchased. |
Requirements 6.1 – 6.7 Develop and maintain secure systems and applications. | | The customer is responsible for meeting overall compliance standards, regardless of Lumen services purchased. |
Requirements 7.1 – 7.3 Restrict access to cardholder data by business need to know. | | |
Requirements 8.1 – 8.8 Identify and authenticate access to system components. | | |
Requirements 9.1 – 9.10 Restrict physical access to cardholder data. | | |
Requirements 10.1 – 10.8 Track and monitor all access to network resources and cardholder data. | | |
Requirements 11.1 – 11.6 Regularly test security systems and processes. | | The customer is responsible for meeting overall compliance standards, regardless of Lumen services purchased. |
Requirements 12.1 – 12.10 Maintain a policy that addresses information security for all personnel. | | |
This matrix highlights the Lumen Products and Services recommended for helping customers achieve PCI compliance when implementing a DCC solution. The Lumen Products and Services specified are implemented at an additional cost. The customer may elect to use any or all of the recommendations. The customer responsibilities shown in the matrix are summarized for the purpose of this document. Additional actions may be required to achieve overall PCI compliance.