Educause Security Discussion mailing list archives
Re: PCI v2.0 Requirement 8.3
From: Mike Leach <mjl9 () PSU EDU>
Date: Tue, 18 Jan 2011 15:30:28 -0500
Dan, Our first response is, "Please explain why you need remote access to a card processing environment." In other words we try to discourage that when possible. Even so some merchant areas need remote access to carry out business needs. Most of the time our merchants use the User ID and a certificate on the machine to provide the two-factors. This also forces use of a known, supported machine to access the card processing environment. Thank you, Mike Leach Compliance Coordinator Security Operations and Services The Pennsylvania State University ITS-SOS Telephone: 814-863-9533 ITS-SOS E-Mail: security () psu edu Direct Line: 814-865-0740 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Bennett Sent: Monday, January 17, 2011 3:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI v2.0 Requirement 8.3 We are currently working on PCI v2.0 compliance and we hit requirement 8.3. We are very interested in how other institutions have solved this requirement. Please respond on or off list. Below is the requirement: 8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dialin service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication.) Thanks, Dan
Current thread:
- PCI v2.0 Requirement 8.3 Daniel Bennett (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Flynn, Gary - flynngn (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Marcum, Chad A (Jan 19)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 20)
- Re: PCI v2.0 Requirement 8.3 Mike Leach (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Joe Marshall (Jan 18)