Cisco PCI Solution for Healthcare Design and Implementation Guide
Preface

Table Of Contents

Preface

Document Purpose

Intended Audience

About the Cisco PCI Solution


Preface


To validate specific Cisco networking products for the Cisco PCI Solution, a lab environment was built using Cisco network architectures. Assessment was made by a Payment Card Industry (PCI) Qualified Security Assessor (QSA). The initial range of products (router, switch, wireless, and associated management tools as specified by the Solution Development team) was scoped to address specific PCI Data Security Standard (DSS) version 1.1 sub-requirements and was successfully validated by the QSA.

Document Purpose

This document describes the required design and configuration details that address PCI requirements and provide the foundation for Cisco network design principles. This document is intended to augment the Cisco Enterprise Branch Security Design Guide available at http://www.cisco.com/go/srnd and does not replace that document.

Intended Audience

This document is intended for Cisco system engineers, solution engineers, and partner engineers who are planning to build a healthcare network that addresses PCI DSS 1.1 requirements.

About the Cisco PCI Solution

The Cisco PCI Solution consists of many Cisco components that work together to provide a comprehensive solution that addresses many of the requirements in the PCI 1.1 Data Security Standards document. The solution supplies the configurations that are optimized to help a business address many of the elements included in a PCI audit.

Every solution component authenticates against Active Directory via Cisco Secure Access Control System (CS-ACS). Four servers are exceptions to this; the solution addressed them with a compensating control, placing each server on its own network segment behind a firewall.

Cisco continues to demonstrate its commitment to helping companies simplify the PCI audit process by adding features to its product line to remove the need for the following compensating controls:

Wireless Control System (WCS)—In Release 4.1, Cisco added TACACS+ and RADIUS authentication.

Cisco Security Monitoring, Analysis, and Response System (CS-MARS)—Cisco added RADIUS authentication in version 4.3.

Cisco Security Access Control System (ACS)—Cisco plans to add RADIUS authentication. This feature is scheduled to be available May 2008.

Cisco Security Agent Manager Server—This server did not require compensating controls because it was able to externally authenticate to Active Directory directly.