Response Report - PCI Pre-Scan Questionnaire€¦ · Response Report - PCI Pre-Scan Questionnaire ....
Transcript of Response Report - PCI Pre-Scan Questionnaire€¦ · Response Report - PCI Pre-Scan Questionnaire ....
CONFIDENTIALITY NOTE: The information contained in this report document is for the exclusive use of the client specified above and may contain confidential, privileged and non-disclosable information. If the recipient of this report is not the client or addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this report or its contents in any way. Scan Date: 5/7/2015
PCI Assessment
Prepared for: Prospect Or Customer Prepared by: Your Company Name 5/8/2015
Response Report - PCI Pre-Scan Questionnaire
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 2 of 15
Table of Contents
1 - Security Officer
2 - Protection of Cardholder Data
3 - Employee Training
4 - Firewall 5 - Administrative Login
6 - Application Development
7 - Change Detection
8 - Uncommon Malware Threats
9 - Maintain Secure Systems
10 - Physical Access
11 - Security Logs
12 - Wireless Access
13 - Authentication
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 3 of 15
Security Officer
Topic Response Responded By
Name Joe Secoff
Contact Information 555 PCI Way
Retail City, VA
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 4 of 15
Protection of Cardholder Data
Topic Response Responded By
Store Cardholder Data
No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 5 of 15
Employee Training
Topic Response Responded By
Unprotected PANs by end-user messaging technologies
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 6 of 15
Firewall
Topic Response Responded By
Firewall Required No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 7 of 15
Administrative Login
Observe an administrator log on to each system and examine system configurations to verify that a strong encryption method is invoked before the administrator’s password is requested.
Topic Response Responded By
Observed Logins No
Observed Issues Web host login was not secure.
Web-based Management URLs
http://webconsole01
https://telesys:5050/admin
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 8 of 15
Application Development
Topic Response Responded By
In-house Application Development
No
Outsourced Development
No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 9 of 15
Change Detection
Topic Response Responded By
Automated Change Detection
No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 10 of 15
Uncommon Malware Threats
Typically, mainframes, mid-range computers (such as AS/400) and similar systems may not currently be commonly targeted or affected by malware. However, industry trends for malicious software can change quickly, so it is important for organizations to be aware of new malware that might affect their systems—for example, by monitoring vendor security notices and anti-virus news groups to determine whether their systems might be coming under threat from new and evolving malware. Trends in malicious software should be included in the identification of new security vulnerabilities, and methods to address new trends should be incorporated into the company's configuration standards and protection mechanisms as needed.
Topic Response Responded By
Periodic Evaluation Yes
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 11 of 15
Maintain Secure Systems
Topic Response Responded By
Trustworthy Vulnerability Sources
Yes
nist.gov
pcisecurity.info
Patching Procedures
Yes
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 12 of 15
Physical Access
Topic Response Responded By
Access Control No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 13 of 15
Security Logs
Topic Response Responded By
Log Review No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 14 of 15
Wireless Access
Topic Response Responded By
Wireless Keys Changed
No
Response Report - PCI Pre-Scan Questionnaire PCI ASSESSMENT
PROPREITARY & CONFIDENTIAL PAGE 15 of 15
Authentication
Topic Response Responded By
No Authentication Yes
Smart Cards No
Biometric No
Remote Access to Cardholder Data Environment
Yes