Educause Security Discussion mailing list archives
Re: PCI v2.0 Requirement 8.3
From: Joe Marshall <JMarshall () FREDERICK EDU>
Date: Tue, 18 Jan 2011 23:07:10 -0500
What is everyone's take on the meaning of this requirement? We provide remote access to the "network" via terminal services. This is the administrative network. All servers and machines that process credit cards are on a unique VLAN. There's no direct access to the card processing network from the administrative network or the terminal server. Do we still need two-factor authentication for the terminal server connection since it is not part of the credit card VLAN? Reading the requirement, it is very generic: "remote access" for "network-level access." What does that really mean? The network (VLAN) for the credit card network or any network? Regards, Joe Joe Marshall Executive Director of Network, Information Security, and Telecommunications Frederick Community College 7932 Opossumtown Pike Frederick, Maryland 21702 301.624.2824 phone 301.624.2898 fax
Daniel Bennett <dbennett () PCT EDU> 1/17/2011 3:30 PM >>>
We are currently working on PCI v2.0 compliance and we hit requirement 8.3. We are very interested in how other institutions have solved this requirement. Please respond on or off list. Below is the requirement: 8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dialin service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication.) Thanks, Dan
Current thread:
- PCI v2.0 Requirement 8.3 Daniel Bennett (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Flynn, Gary - flynngn (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Marcum, Chad A (Jan 19)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 20)
- Re: PCI v2.0 Requirement 8.3 Mike Leach (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Joe Marshall (Jan 18)