PCI DSS Compensating Controls for Requirement 3.4

“Compensating controls may consist of either a device or combination of devices, applications, and controls that meet all of the following conditions:

- Provide additional segmentation/abstraction (e.g., at the network layer)
- Provide ability to restrict access to cardholder data or databases based on the following criteria:
  * Internet Protocol (IP) address/Media Access Control (MAC) address
  * Application/service
  * User accounts/groups
  * Data type (packet filtering)
- Restrict logical access to the database
  * Control logical access to the database independent of Active Directory or Lightweight Directory Access Protocol (LDAP)
  * Prevent/detect common application or database attacks (e.g., Structured Query Language [SQL] injection)”
