Developing PCI DSS Compliant Configuration Standards
Vikström, Valtteri (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202504126310
Abstract
This thesis provides guidance on developing Payment Card Industry Data Security Standard (PCI DSS) compliant configuration standards, emphasizing the importance of detailed documentation for secure and compliant system configurations. Configuration standards are essential for reducing security risks, maintaining consistent security controls, and simplifying annual assessments within organizations handling payment card data.
The research examines PCI DSS v4 requirements and technical elements for secure configuration management, supported by interviews with industry professionals and a review of established security frameworks such as CIS Benchmarks and NIST guidelines. These insights reveal common challenges organizations face, including insufficient documentation quality and the need for standardized security practices.
Key outcomes include a structured guide for creating configuration standards, addressing essential elements such as system role definitions, security hardening settings, patch management, logging, time synchronization, and authentication controls. The thesis also introduces different options for implementing and documenting configurations across different environments to help organizations strengthen security, enhance compliance, and optimize operational efficiency.