Educause Security Discussion mailing list archives

Re: PCI v2.0 Requirement 8.3


From: Blake Penn <BPenn () TRUSTWAVE COM>
Date: Tue, 18 Jan 2011 14:10:03 -0600

Dan,

I see most clients (both inside and outside of Higher Ed) using either RSA SecurID tokens or personal certificates for 
2-factor.  Also, the use of remote access management tools like Bomgar is certainly on the uptick.  

Blake Penn
CISSP, MCSE, MCSD, MCDBA, QSA
Senior Security Consultant
Trustwave
bpenn () trustwave com
+1 678-685-1277
http://www.trustwave.com

DISCLAIMER: The views represented in this message reflect the opinions of the author alone and do not necessarily
reflect the opinions of Trustwave.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel 
Bennett
Sent: Monday, January 17, 2011 3:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI v2.0 Requirement 8.3

We are currently working on PCI v2.0 compliance and we hit requirement 8.3.  We are very interested in how other 
institutions have solved this requirement.  Please respond on or off list.  Below is the requirement:

8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dial-in service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication.)

Thanks,

Dan

