Scribd
Upload
83 views1 page

UBC Firewall Configuration Procedures

The document outlines procedures for a university to meet PCI compliance requirement 2.1 regarding changing vendor-supplied defaults before installing systems on the network. It specifies that all unnecessary accounts must be removed and only required user accounts and passwords set up before deployment. It provides contact information for any questions about the procedures.

Uploaded by

Martha Jane Lawhead
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
83 views1 page

UBC Firewall Configuration Procedures

The document outlines procedures for a university to meet PCI compliance requirement 2.1 regarding changing vendor-supplied defaults before installing systems on the network. It specifies that all unnecessary accounts must be removed and only required user accounts and passwords set up before deployment. It provides contact information for any questions about the procedures.

Uploaded by

Martha Jane Lawhead
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

THE UNIVERSITY OF BRITISH COLUMBIA

(MONERIS)
Requirement 1: Install and maintain a firewall configuration to protect data
Question 2.1: Are vendor-supplied defaults always changed before installing a system on the network?
Examples include passwords, simple network management protocol (SNMP) community strings, and
elimination of unnecessary accounts.
Date of Issue:

July 19, 2010

PURPOSE
To document the procedures to meet PCI compliance requirement 2.1

POLICY
These procedures relate to university policy 106 (Access to and Security of Administrative Information), and
section 5 (PCI-DSS Requirements) of UBCs Information Security Manual.
Always change vendor-supplied defaults before installing a system on the network.
Remove all unnecessary accounts before installing a system on the network.

PERSONNEL INVOLVED
Director
Financial Manager
Technical Services Manager
IT Group
Parking Equipment Technicians
Parking and Access Control Staff

CONTACT INFORMATION
For procedure enquiries, please contact:
Jose D. Jimenez
Operations Supervisor
(604)822.8207
jose.jimenez@ubc.ca

PROCEDURE
1. Only employees in the authorized employees list may access, add or modify any component of the Credit
Card Payment System as directed by a Supervisor.
2. Test the component to be added on a test bench or test environment.
3. Remove all system or application accounts, user IDs, and passwords before deployment
4. Setup only the user accounts and passwords that are absolutely required for proper operations.
5. If needed, use a third party utility to check user profile configuration settings to ensure no vendor supplied
profiles have default password, are set to status of disabled and system value settings were changed during
the installation of a vendor package

REVISION HISTORY
Date

Details of Change

Changed By

Approved By

Title

(Insert Date)

(Initial Version)

(Name)

(Name)

(Approvers Job Title)


Page 1 of 1

You might also like