Welcome to Scribd!

Moneris: The University of British Columbia

Uploaded by

0% found this document useful (0 votes)

18 views1 page

The document outlines procedures for a university to meet PCI compliance requirement 2.1 regarding changing vendor-supplied defaults before installing systems on the network. It specifies that all unnecessary accounts must be removed and only required user accounts and passwords set up before deployment. It provides contact information for any questions about the procedures.

Original Description:

Procedures for PCI DSS Requirement 2

Original Title

PCI Procedures R-2.1

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

18 views1 page

Moneris: The University of British Columbia

Uploaded by

Martha Jane Lawhead

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

THE UNIVERSITY OF BRITISH COLUMBIA

(MONERIS)
Requirement 1: Install and maintain a firewall configuration to protect data
Question 2.1: Are vendor-supplied defaults always changed before installing a system on the network?
Examples include passwords, simple network management protocol (SNMP) community strings, and
elimination of unnecessary accounts.
Date of Issue:

July 19, 2010

PURPOSE
To document the procedures to meet PCI compliance requirement 2.1

POLICY
These procedures relate to university policy 106 (Access to and Security of Administrative Information), and
section 5 (PCI-DSS Requirements) of UBCs Information Security Manual.
Always change vendor-supplied defaults before installing a system on the network.
Remove all unnecessary accounts before installing a system on the network.

PERSONNEL INVOLVED
Director
Financial Manager
Technical Services Manager
IT Group
Parking Equipment Technicians
Parking and Access Control Staff

CONTACT INFORMATION
For procedure enquiries, please contact:
Jose D. Jimenez
Operations Supervisor
(604)822.8207
jose.jimenez@ubc.ca

PROCEDURE
1. Only employees in the authorized employees list may access, add or modify any component of the Credit
Card Payment System as directed by a Supervisor.
2. Test the component to be added on a test bench or test environment.
3. Remove all system or application accounts, user IDs, and passwords before deployment
4. Setup only the user accounts and passwords that are absolutely required for proper operations.
5. If needed, use a third party utility to check user profile configuration settings to ensure no vendor supplied
profiles have default password, are set to status of disabled and system value settings were changed during
the installation of a vendor package

REVISION HISTORY
Date

Details of Change

Changed By

Approved By

Title

(Insert Date)

(Initial Version)

(Name)

(Approvers Job Title)

Page 1 of 1

The CompTIA Network+ & Security+ Certification: 2 in 1 Book- Simplified Study Guide Eighth Edition (Exam N10-008) | The Complete Exam Prep with Practice Tests and Insider Tips & Tricks | Achieve a 98% Pass Rate on Your First Attempt!
From Everand
The CompTIA Network+ & Security+ Certification: 2 in 1 Book- Simplified Study Guide Eighth Edition (Exam N10-008) | The Complete Exam Prep with Practice Tests and Insider Tips & Tricks | Achieve a 98% Pass Rate on Your First Attempt!
Comptia Ace5
No ratings yet
CSS NCII - Module 1
Document8 pages
CSS NCII - Module 1
Jakim Lopez
No ratings yet
Computer Audit
Document8 pages
Computer Audit
Reycelyn Ballesteros
No ratings yet
Minimum Security Standard
Document15 pages
Minimum Security Standard
ali
No ratings yet
Data Security Policy Data Security Policy
Document9 pages
Data Security Policy Data Security Policy
Abbas Ahmad
No ratings yet
Secure SDLC Policy PDF
Document15 pages
Secure SDLC Policy PDF
Username Barkah
No ratings yet
Section 302 Section 404: 1. Organizational Structure Control
Document6 pages
Section 302 Section 404: 1. Organizational Structure Control
fathma azzahro
No ratings yet
Information Technology Management, Audit & Control
Document41 pages
Information Technology Management, Audit & Control
mfarooq87
100% (1)
CPP121f CPIT ICT Security Physical and Environmental Security Standard v2 3
Document8 pages
CPP121f CPIT ICT Security Physical and Environmental Security Standard v2 3
ZL2ABV
No ratings yet
Pci-Dss Controls: PCI Security Standards Council
Document4 pages
Pci-Dss Controls: PCI Security Standards Council
yawahab
No ratings yet
Framework for SCADA Cybersecurity
From Everand
Framework for SCADA Cybersecurity
Richard Clark
Rating: 5 out of 5 stars
5/5 (1)
Text-DISA Review Questions-1 PDF
Document616 pages
Text-DISA Review Questions-1 PDF
ankita raka
No ratings yet
IT Process
Document20 pages
IT Process
Ella Grace
No ratings yet
Module 1 - Installing Computer System and Networks
Document162 pages
Module 1 - Installing Computer System and Networks
Vincent Bumas-ang Acapen
No ratings yet
Security + Sample Paper - PK
Document17 pages
Security + Sample Paper - PK
Prashil Kumar
100% (1)
Baseline Cyber Security SOC and Resilience Requirements
Document7 pages
Baseline Cyber Security SOC and Resilience Requirements
Ashik
No ratings yet
Auditing Your Firewalls
Document14 pages
Auditing Your Firewalls
anakin415
100% (1)
POLICY FirewallAdministration
Document8 pages
POLICY FirewallAdministration
Abhishek Bahirat
No ratings yet
Compliance SOW Attachment I 6.27.22.1656349155427
Document15 pages
Compliance SOW Attachment I 6.27.22.1656349155427
gssinfotech
No ratings yet
Computer Base Information Control
Document39 pages
Computer Base Information Control
Aura Maghfira
No ratings yet
Hive Systems - CMMC 101 Guide
Document12 pages
Hive Systems - CMMC 101 Guide
Theo Díaz
100% (1)
Moneris: The University of British Columbia
Document1 page
Moneris: The University of British Columbia
Martha Jane Lawhead
No ratings yet
All UBC Merchants: Question 1.1.4: Description of Groups, Roles, and Responsibilities For Logical Management of Network
Document2 pages
All UBC Merchants: Question 1.1.4: Description of Groups, Roles, and Responsibilities For Logical Management of Network
Martha Jane Lawhead
No ratings yet
PCI Procedures R-1.1.1, 1.1.6, 1.2.1
Document2 pages
PCI Procedures R-1.1.1, 1.1.6, 1.2.1
Martha Jane Lawhead
No ratings yet
Network Security Monitoring Procedure
Document3 pages
Network Security Monitoring Procedure
Ghislain Murenzi
No ratings yet
Level 2 Install and Configure ICT Equipment and Operating Systems (7540-229)
Document8 pages
Level 2 Install and Configure ICT Equipment and Operating Systems (7540-229)
Gideos
No ratings yet
PCI DSS Policies and Procedures
Document38 pages
PCI DSS Policies and Procedures
justforfun2009
No ratings yet
Level 2 Maintain ICT Equipment and Systems (7540-228) : Systems and Principles (QCF) Assignment Guide For Candidates
Document7 pages
Level 2 Maintain ICT Equipment and Systems (7540-228) : Systems and Principles (QCF) Assignment Guide For Candidates
Gideos
No ratings yet
S2 Module 2: System Implementation
Document10 pages
S2 Module 2: System Implementation
er_sushilkumarg
No ratings yet
TSHOOT 15min Guide
Document13 pages
TSHOOT 15min Guide
juliosistemas
No ratings yet
SA Security Policy Procedures 125S
Document7 pages
SA Security Policy Procedures 125S
monikajayapal
No ratings yet
Local Media6190749129881214037
Document6 pages
Local Media6190749129881214037
danelozano23
No ratings yet
Mobile Device Security: By, Y.Prudhvi 1041010344
Document21 pages
Mobile Device Security: By, Y.Prudhvi 1041010344
PRUDHVIYALAMANDALA
No ratings yet
IDEMIA Security Bulletin - April 2022
Document2 pages
IDEMIA Security Bulletin - April 2022
WERMER MORA
No ratings yet
032 Case Study
Document32 pages
032 Case Study
Pooja Rana
No ratings yet
It P&P: Subject: Effective Date: Approval: Objective:: Information Technology Policy & Procedures Manual Daily Logs
Document3 pages
It P&P: Subject: Effective Date: Approval: Objective:: Information Technology Policy & Procedures Manual Daily Logs
mauvebeads
No ratings yet
Activity 2 100108
Document73 pages
Activity 2 100108
mmshotts
No ratings yet
Introduction To SAAM
Document29 pages
Introduction To SAAM
Russel Villacastin
No ratings yet
MIS Chapter 7
Document4 pages
MIS Chapter 7
Fredrick Makori
No ratings yet
Commissioning Rapport 2020
Document61 pages
Commissioning Rapport 2020
Dilip Paliwal
No ratings yet
It Implementation-Issues, Opportunities, Challenges, Problems
Document9 pages
It Implementation-Issues, Opportunities, Challenges, Problems
Annonymous963258
No ratings yet
Skybox Partner Training - Personas
Document9 pages
Skybox Partner Training - Personas
Prashant Biswas
No ratings yet
202 Assignment Guide A - Learner
Document8 pages
202 Assignment Guide A - Learner
nhussain1747
No ratings yet
Chapter 7 Illustrative Solutions PDF
Document12 pages
Chapter 7 Illustrative Solutions PDF
christoperedwin
50% (2)
Case Study (3) : IT Service Improvement
Document32 pages
Case Study (3) : IT Service Improvement
SumitAbrol
No ratings yet
CBLM Computer Systems Servicing NC II
Document98 pages
CBLM Computer Systems Servicing NC II
Antolin Tubig
No ratings yet
Chapter 4 Information Technology It
Document63 pages
Chapter 4 Information Technology It
黄勇添
No ratings yet
9 ML 303 Isita - QP
Document2 pages
9 ML 303 Isita - QP
Haseeb Ullah Khan
No ratings yet
Level 2 Install and Configure ICT Equipment and Operating Systems (7540-229)
Document8 pages
Level 2 Install and Configure ICT Equipment and Operating Systems (7540-229)
Gideos
100% (1)
MU1 Module 7 Notes
Document48 pages
MU1 Module 7 Notes
CGASTUFF
No ratings yet
Sy0-701 4
Document31 pages
Sy0-701 4
pipino2006
No ratings yet
Information Technologyss March 2023
Document3 pages
Information Technologyss March 2023
patience muchemwa
No ratings yet
Auditoría de Tecnología de Información: Espinosa Ángeles Juan Abdel Hernández Medina Adrián Ramírez Antonio Alejandra
Document53 pages
Auditoría de Tecnología de Información: Espinosa Ángeles Juan Abdel Hernández Medina Adrián Ramírez Antonio Alejandra
Omar Regino
No ratings yet
7266 401 A Can V2.1
Document8 pages
7266 401 A Can V2.1
NightWay Alvin How
No ratings yet
Application and Management of Cybersecurity Measures For Protection and Control
Document10 pages
Application and Management of Cybersecurity Measures For Protection and Control
edsonpaveli-1
No ratings yet
PCIs Changing Environment - What You Need To Know & Why You Need To Know It.
Document14 pages
PCIs Changing Environment - What You Need To Know & Why You Need To Know It.
kevin
No ratings yet
Network Security
Document1 page
Network Security
muhammad luthfi
No ratings yet
Securing Operational Technology: What Is Operational Technology? What Are The Risks?
Document9 pages
Securing Operational Technology: What Is Operational Technology? What Are The Risks?
Vincent Ip
No ratings yet
Online Admission System Project Report
Document46 pages
Online Admission System Project Report
Ajit Singh Ajimal
100% (1)
Chapter 2 System Analysis and Requiremen
Document5 pages
Chapter 2 System Analysis and Requiremen
Harsh Deep
No ratings yet