Category Archives: PCI Compliance
Best Practices Series: VMware Storage Management Best Practices
Welcome to another blog post in our cyber security best practices series. (more…)
Best Practices Series: Virtual Networking for VMware
Best Practices – A growing number of organizations are now standardizing on a virtualized server deployment and want to consolidate servers that belong to different trust zones. A trust zone is loosely defined as a network segment within which data flows relatively freely, whereas data flowing in and out of the trust zone is subject to stronger restrictions. The introduction of virtual technology does not have to significantly change the network topology. (more…)
Configuring Log Event Source Series – HP UX
![Log event Icon](https://www.halock.com/wp-content/uploads/2023/10/Database-Warning-HALOCK-Security-150x150.webp)
Welcome to another post in the series of configuration instructions for enabling monitored systems to send system logs to a central logging server – HP UX. (more…)
Hau’s How
In the face of an increasing list of compliance frameworks, IT organizations operating on an already stretched budget are desperate for relief. Regulations around Personally Identifiable Information (PII), cardholder data (CHD) and patient health information all require a separate environment for storing and transmitting sensitive data. Who can afford THAT? (more…)
Meeting PCI DSS Section 10 Compliance using SNARE
![credit card verification](https://www.halock.com/wp-content/uploads/2023/11/pci-dss-requirement-copy-150x150.webp)
Tackling the log management requirements in section 10 of the PCI DSS can be greatly simplified by using Intersect Alliance’s SNARE software (an acronym for System iNtrusion Analysis and Reporting Environment). SNARE is a comprehensive Event Log Management toolkit, designed to collect and report on activities from within a monitored system. (more…)
![Windows Audit Policies icon](https://www.halock.com/wp-content/uploads/2022/01/Windows-Audit-Policies-for-PCI-DSS-Compliance-1024x437-1-1-400x300.jpg)
Windows Audit Policies for PCI DSS Compliance
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Trying to understand all the individual event IDs associated with each Windows audit policy is your first step in trying to determine the answer to this question! But after a bit of digging (thank goodness for Google) I found the answer. Both articles provide great information on the details of each event ID and how you can align this with PCI requirements for auditing: (more…)
Virtualization in the PCI Environment
![](https://www.halock.com/wp-content/uploads/2023/10/Banks-Financial-Services-Payment-Billing-Cyber-Security-150x150.jpg)
Since the SIG for addressing the impact of virtualization in PCI compliance has yet to be published, there has been a mixed reaction to whether or not virtualization SHOULD be used in the cardholder data environment. (more…)
PCI Level 2 Non-Compliance, Mastercard’s New Rules
![payment card industry compliance mastercard](https://www.halock.com/wp-content/uploads/2023/10/MasterCardiconmonstr-payment-27-150x150.png)
I have had many questions on the topic of compliance for Level II PCI Merchants that are transitioning from a SAQ (self-assessment questionnaire) to an On-site audit with a Report on Compliance (ROC). Many are concerned with the prospect that they are non-compliant with many of the controls and want to know what they should do and what risks they face. (more…)