Secure Remote Access Requirements
- Change default settings in the remote access software (for example, change default passwords and use unique passwords for each customer).
- Allow connections only from specific (known) IP/MAC addresses.
- Use strong authentication and complex passwords for logins, according to PCI DSS Requirements 8.1, 8.3, and 8.5.8-8.5.15 (see Appendix A for details on PCI DSS Requirement 8).
- Enable encrypted data transmission according to PCI DSS Requirement 4.1.
  PCI DSS Requirement 4.1: Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks. Examples of open, public networks that are in scope of the PCI DSS are:
  - The Internet,
  - Wireless technologies,
  - Global System for Mobile communications (GSM), and
  - General Packet Radio Service (GPRS).
- Enable account lockout after a certain number of failed login attempts according to PCI DSS Requirement 8.5.13 (see Appendix A of this document for details on PCI DSS Requirement 8).
- Configure the system so a remote user must establish a Virtual Private Network ("VPN") connection via a firewall before access is allowed.
- Enable the logging function.
- Restrict access to customer passwords to authorized reseller/integrator personnel.
- Establish customer passwords according to PCI DSS Requirements 8.1, 8.2, 8.4, and 8.5 (see Appendix A for detailed PCI DSS Requirements).
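As an added example (not part of this guide or any vendor's tooling), the following audit function checks a remote-access configuration against the requirements listed above: changed default and per-customer unique passwords, source IP restriction, encrypted transport, account lockout, logging, and mandatory VPN. The configuration layout, the default-password list and the sample settings are constructed for illustration; the lockout thresholds (at most six attempts, at least 30 minutes) are the values of PCI DSS v2.0 Requirements 8.5.13 and 8.5.14, which this page references but does not spell out.

```python
import ipaddress

# Constructed sample: one reseller's remote-access settings for two customers
# (hypothetical layout; not a real product's configuration format).
WEAK_CONFIG = {
    "customers": {
        "store-01": {"password": "admin", "allowed_ips": []},
        "store-02": {"password": "admin", "allowed_ips": ["203.0.113.0/24"]},
    },
    "transport": {"encryption": "none"},
    "lockout": {"max_failed_attempts": 10, "duration_minutes": 5},
    "logging_enabled": False,
    "require_vpn": False,
}

# Vendor-shipped defaults that must be changed before deployment (constructed list).
KNOWN_DEFAULT_PASSWORDS = {"admin", "password", "1234", "support"}
# Transports that satisfy "strong cryptography and security protocols" (Req. 4.1).
ACCEPTED_TRANSPORTS = {"tls1.2", "tls1.3", "ipsec"}


def audit_remote_access(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    seen = {}  # password -> first customer using it, to detect reuse across customers
    for name, c in cfg.get("customers", {}).items():
        pw = c.get("password", "")
        if pw.lower() in KNOWN_DEFAULT_PASSWORDS:
            findings.append(f"{name}: default password still in use")
        if pw in seen:
            findings.append(f"{name}: password shared with {seen[pw]} (must be unique per customer)")
        seen.setdefault(pw, name)
        ips = c.get("allowed_ips", [])
        if not ips:
            findings.append(f"{name}: no source IP restriction configured")
        for ip in ips:
            try:
                ipaddress.ip_network(ip, strict=False)  # accepts single hosts and CIDR ranges
            except ValueError:
                findings.append(f"{name}: invalid allowlist entry {ip!r}")
    if cfg.get("transport", {}).get("encryption", "none") not in ACCEPTED_TRANSPORTS:
        findings.append("transport: encrypted transmission not enabled (Req. 4.1)")
    lock = cfg.get("lockout", {})
    if lock.get("max_failed_attempts", 999) > 6:  # PCI DSS v2.0 Req. 8.5.13: not more than six attempts
        findings.append("lockout: more than six failed attempts allowed (Req. 8.5.13)")
    if lock.get("duration_minutes", 0) < 30:  # PCI DSS v2.0 Req. 8.5.14: minimum 30 minutes
        findings.append("lockout: lockout shorter than 30 minutes (Req. 8.5.14)")
    if not cfg.get("logging_enabled"):
        findings.append("logging: audit logging is disabled")
    if not cfg.get("require_vpn"):
        findings.append("vpn: remote users are not forced through a VPN")
    return findings
```

Running `audit_remote_access(WEAK_CONFIG)` reports nine findings for the sample, one per violated requirement.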