Scribd
Upload
76 views2 pages

UBC PCI Compliance Network Management Roles

This document identifies the groups responsible for logical management of network components within the scope of the University of British Columbia's PCI Compliance effort. It outlines five levels of network components from the internet service provider to individual point-of-sale devices. The groups identified with access to these components include the Network Management Centre, IT management at the department/faculty level, IT technical staff, and local IT support staff. Non-technical support staff should not have rights to modify in-scope devices. The document was created to meet PCI compliance requirement 1.1.4 and complies with UBC policies on access and security of administrative information.

Uploaded by

Martha Jane Lawhead
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
76 views2 pages

UBC PCI Compliance Network Management Roles

This document identifies the groups responsible for logical management of network components within the scope of the University of British Columbia's PCI Compliance effort. It outlines five levels of network components from the internet service provider to individual point-of-sale devices. The groups identified with access to these components include the Network Management Centre, IT management at the department/faculty level, IT technical staff, and local IT support staff. Non-technical support staff should not have rights to modify in-scope devices. The document was created to meet PCI compliance requirement 1.1.4 and complies with UBC policies on access and security of administrative information.

Uploaded by

Martha Jane Lawhead
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

THE UNIVERSITY OF BRITISH COLUMBIA

(All UBC Merchants)


Requirement 1: Install and maintain a firewall configuration to protect data
Question 1.1.4: Description of groups, roles, and responsibilities for logical management of network
components?
Date of Issue:

(July 19, 2010)

PURPOSE
To document the procedures to meet PCI compliance requirement (1.1.4)

POLICY
These procedures relate to university policy 106 (Access to and Security of Administrative Information), and
section 5 (PCI-DSS Requirements) of UBCs Information Security Manual.

This document identifies those groups, IT and otherwise, that impact the logical management of the
network components that are within the scope of the PCI Compliance effort. The document will work
from the macro-level to the local merchant network component level.
Granularity:
1. Internet Service Provider external to the merchant network
2. UBC IT Core Network and Routers, Domain Name and Time Services
3. Firewall and Internal Networks/VLANs/VRFs
4. Switches and Network Ports at the Physical Room/Patch Panel level
5. Switches, MiniHubs, and POS Equipment at the Room/Location level
Groups:
A. The Network Management Centre (NMC), BCnet monitor and maintain our core networks
and related network support services like DNS, NTP, DHCP that may affect merchant
network access to the Credit Acquirer Servers. The NMC has a reporting and governance
structure within the UBC IT organizational structure. Group A can be viewed to impact
mostly levels 1 and 2, with a separate network infrastructure group at UBC IT affecting level
3.
B. IT Management at the Department or Faculty level have the access rights physical and via
web management tools, to monitor, modify, report on firewall and logical network
configurations like VLANs and VRFs. The roles and responsibilities for change management
and logging may be delegates to supporting IT specialists like LAN Coordinators. Access
controls (login credentials) are used to restrict access to management interfaces.
C. IT Technical Staff, IT Support have physical access to locked communication rooms where
network patch panels and building-level network switches and equipment reside. Access
control is via keyed physical access and job request systems that log changes to physical
plant.
D. IT Support at the local level may have access to the physical wiring from the wall ports to
switches and cabling that interconnect POS payment devices.
Page 1 of 2

E. Non-technical support staff should not have rights to modify devices and cabling that are
within scope of POS PCI Compliance. Do we need to qualify with a supervisory/review note
if its something like Facilities and Cabling running new network runs?
CONTACT INFORMATION
For document enquiries, please contact (Kenneth Wong, UBC Bookstore, 2-5817).

REVISION HISTORY
Date

Details of Change

Changed By

Approved By

Title

(July 19, 2010)

(1.0)

(Ken Wong, Bookstore)

(Ken Wong, initial


document)

(Systems Manager,
Bookstore)

Page 2 of 2
/var/www/apps/conversion/tmp/scratch_4/259138484.docx

You might also like