IT-12 Standard for Monitoring of Networks Processing Cardholder Data


 

Table of Contents

Purpose

This document establishes a formal network monitoring standard and outlines the related requirements specified in the Payment Card Industry Data Security Standards that must be implemented in all University of Maryland (UMD) network infrastructures that process cardholder data.

Top

Additional authority

The following standards help guide the content of this document: Payment Card Industry Data Security Standard - Requirement 10.

Top

Scope

This standard applies to all UMD network infrastructure used to transmit or process cardholder data. Payment Card Industry Data Security Standards (PCI DSS) consider a full primary account number accompanied by cardholder name, expiration date, a service code, information from a magnetic strip or card chip, or a personal identification number as cardholder data.

Top

Standard

Logging mechanisms and the ability to track user activities are critical for effective forensics and vulnerability management. The presence of logs allows thorough tracking and analysis if something goes wrong. Determining the cause of a compromise is very difficult without system activity logs.

NOTE: As a general rule, every PCI Standard should be reviewed annually and updated as needed to reflect changes to business objectives or the risk environment.

Top

Requirements

Top