PCI (Payment Card Industry Security Standard)
Install and maintain a firewall configuration to protect cardholder data
1.1.6 Documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.
Compromises often happen due to unused or insecure services and ports, since these often have known vulnerabilities and many organizations don’t patch vulnerabilities for the services, protocols, and ports they don’t use (even though the vulnerabilities are still present). By clearly defining and documenting the services, protocols, and ports that are necessary for business, organizations can ensure that all other services, protocols, and ports are disabled or removed. Approvals should be granted by personnel independent of the personnel managing the configuration. If insecure services, protocols, or ports are necessary for business, the risk posed by use of these protocols should be clearly understood and accepted by the organization, the use of the protocol should be justified, and the security features that allow these protocols to be used securely should be documented and implemented. If these insecure services, protocols, or ports are not necessary for business, they should be disabled or removed. For guidance on services, protocols, or ports considered to be insecure, refer to industry standards and guidance (e.g. NIST, ENISA, OWASP, etc.).
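The requirement above boils down to a reconciliation: every open service, protocol and port must appear in an approved inventory with a justification, an approver independent of the configuration owner, and, for insecure protocols, the documented security features that make their use acceptable. The following script is an added example (not part of the PCI DSS text and not Lionfish code) of that reconciliation. The inventory fields, the observed-service list and the set of protocols treated as insecure are all constructed sample data and assumptions for illustration; in practice the observed list would come from a port scan or firewall rule export, and the insecure-protocol list from the NIST/ENISA/OWASP guidance the requirement points to.

```python
"""Reconcile observed listening services against a PCI DSS 1.1.6 service inventory.

Added example with constructed data. Field names, the INSECURE_PROTOCOLS set and
the sample inventory are assumptions, not values from the standard or the page.
"""
from dataclasses import dataclass, field

# Protocols treated as insecure for this example (illustrative, not exhaustive).
INSECURE_PROTOCOLS = {"telnet", "ftp", "snmpv1", "snmpv2c", "http"}


@dataclass
class ApprovedService:
    port: int
    proto: str                 # transport: "tcp" or "udp"
    service: str               # application protocol name, e.g. "https"
    justification: str         # business justification (must be non-empty)
    approver: str              # must be independent of config_owner
    config_owner: str          # person/team managing the configuration
    security_features: list = field(default_factory=list)  # required if insecure


def check_inventory(approved, observed):
    """Return a list of (severity, message) findings.

    approved: list of ApprovedService records from the documented inventory
    observed: list of (port, proto, service) tuples actually open/listening
    """
    findings = []
    approved_by_key = {(a.port, a.proto): a for a in approved}

    # 1. Each approved entry must be justified, independently approved, and
    #    (if insecure) carry documented security features.
    for a in approved:
        tag = f"{a.service}/{a.port}/{a.proto}"
        if not a.justification.strip():
            findings.append(("high", f"{tag}: no business justification documented"))
        if a.approver == a.config_owner:
            findings.append(("high", f"{tag}: approver is not independent of the configuration owner"))
        if a.service.lower() in INSECURE_PROTOCOLS and not a.security_features:
            findings.append(("high", f"{tag}: insecure protocol without documented security features"))

    # 2. Anything open that is not in the inventory should be disabled or removed.
    observed_keys = set()
    for port, proto, service in observed:
        observed_keys.add((port, proto))
        if (port, proto) not in approved_by_key:
            findings.append(("high", f"{service}/{port}/{proto}: open but not in the approved inventory"))

    # 3. Approved-but-unused entries are stale inventory, worth a review.
    for key, a in approved_by_key.items():
        if key not in observed_keys:
            findings.append(("info", f"{a.service}/{a.port}/{a.proto}: approved but not observed; review whether still needed"))
    return findings


# Constructed sample inventory (hypothetical names and justifications).
SAMPLE_APPROVED = [
    ApprovedService(443, "tcp", "https", "Customer payment web front end",
                    "security.lead", "web.ops", ["TLS 1.2+ only", "WAF in front"]),
    ApprovedService(22, "tcp", "ssh", "Administrative access from jump host",
                    "security.lead", "sys.ops", ["key-based auth only", "source restricted to jump host"]),
    # Insecure protocol, self-approved, and no security features documented.
    ApprovedService(21, "tcp", "ftp", "Legacy batch file transfer with acquirer",
                    "sys.ops", "sys.ops", []),
    # Insecure protocol but with documented compensating features: passes.
    ApprovedService(161, "udp", "snmpv2c", "Network monitoring",
                    "net.lead", "net.ops", ["read-only community", "ACL limited to the NMS"]),
]

# Constructed sample of what a scan or firewall export reported as open.
SAMPLE_OBSERVED = [
    (443, "tcp", "https"),
    (22, "tcp", "ssh"),
    (21, "tcp", "ftp"),
    (23, "tcp", "telnet"),   # not in the inventory at all
]


def run_sample():
    """Run the check over the constructed sample data and return the findings."""
    return check_inventory(SAMPLE_APPROVED, SAMPLE_OBSERVED)


if __name__ == "__main__":
    for severity, message in run_sample():
        print(f"[{severity}] {message}")
```

The three "high" findings in the sample correspond to the three failure modes the requirement names: a missing independent approval, an insecure protocol with no documented security features, and an open port with no inventory entry at all. The SNMPv2c entry is insecure by the example's list but passes because its compensating features are documented, which is exactly the distinction 1.1.6 draws.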
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as those programs grow more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8