The Cisco PCI Solution for Retail is a set of configurations and recommendations for data at rest and data in motion on wired and wireless networks. The solution is designed to conform to the Payment Card Industry (PCI) Data Security Specification (DSS) 1.2. The solution was built and tested using point-of-sale (POS) systems, payment devices, wireless client devices, data encryption software, and Cisco network infrastructure, and was validated by a PCI Qualified Security Assessor (QSA) audit partner. The result is a set of retail store, data center, and Internet edge designs that simplify the process of a retailer becoming PCI compliant.
To achieve PCI compliance, a retail company must address its procedures, security policies, and technical infrastructure so that it can demonstrate adherence to the PCI v1.2 specification sub-requirements. A QSA must perform an audit of the company to verify that each applicable sub-requirement is either addressed or deemed not applicable to that specific company. Once a company becomes compliant, there are ongoing requirements to maintain compliance. The Cisco PCI Solution for Retail demonstrates how to build the infrastructure, secure data in transit and at rest, and monitor and maintain the configurations. Figure 1-1 shows the Cisco PCI Solution for Retail conceptual architecture.