• Internal use of RFC1918 address space instead of registered addresses.

1.4 Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. Firewall (or equivalent) configurations include:
• Specific configuration settings are defined.
• Personal firewall (or equivalent functionality) is actively running.
• Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices.
You are responsible for ensuring that handheld devices (e.g. ToastGo), if utilized, are connected to the isolated and/or properly segmented POS network.
1.5 Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.

You are responsible for maintaining appropriate policies and processes.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

What you will need to do
2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network. This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, payment applications, Simple Network Management Protocol (SNMP) community strings, etc.

Toast will change any default passwords or accounts prior to or during the deployment.

If you elect to self-deploy the POS solution, you are responsible for making said changes as outlined in the Deployment Checklist.
2.1.1 For wireless environments connected to the cardholder data environment or transmitting cardholder data, change ALL wireless vendor defaults at installation, including but not limited to default wireless encryption keys, passwords, and SNMP community strings.

Toast will change all wireless defaults at installation and implement appropriate Wi-Fi security controls.

If you elect to self-deploy the POS solution, you are responsible for making said changes as outlined in the Deployment Checklist.
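For a self-deployer, the practical question behind 2.1 and 2.1.1 is how to verify, before a component goes on the network, that no vendor default (account, password, SNMP community string, wireless key) is still in place. The script below is an added illustration of such a pre-deployment check; it is not Toast's Deployment Checklist or any Toast tooling. The default-value lists, the `Component` fields, the minimum wireless key length and the sample inventory are all constructed assumptions for the example; a real checklist would carry vendor-specific defaults for each component type.

```python
"""Pre-deployment check for vendor-supplied defaults (PCI DSS Req. 2.1 and 2.1.1).

Added illustration, not Toast's own tooling. It scans a constructed inventory of
system components and flags accounts, SNMP community strings and wireless
settings that are still at well-known vendor defaults.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical default values (assumption for this example). A real deployment
# checklist would carry a fuller, vendor-specific list per component type.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
UNNECESSARY_ACCOUNTS = {"guest", "support", "test"}
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}
DEFAULT_WIRELESS_KEYS = {"", "admin", "password", "12345678"}
MIN_WIRELESS_KEY_LEN = 13  # assumption: anything shorter is treated as weak/default


@dataclass
class Component:
    name: str
    kind: str                                     # e.g. "pos-terminal", "switch", "access-point"
    accounts: dict = field(default_factory=dict)  # enabled accounts: username -> password
    snmp_communities: list = field(default_factory=list)
    wireless_key: Optional[str] = None            # None when the component has no radio


def audit_component(c: Component) -> list:
    """Return one finding string per vendor default left in place on this component."""
    findings = []
    for user, password in c.accounts.items():
        if (user, password) in DEFAULT_CREDENTIALS:
            findings.append(f"{c.name}: account '{user}' still has its vendor default password")
        if user in UNNECESSARY_ACCOUNTS:
            findings.append(f"{c.name}: unnecessary default account '{user}' is still enabled")
    for community in c.snmp_communities:
        if community in DEFAULT_SNMP_COMMUNITIES:
            findings.append(f"{c.name}: default SNMP community string '{community}' in use")
    if c.wireless_key is not None:
        if c.wireless_key in DEFAULT_WIRELESS_KEYS or len(c.wireless_key) < MIN_WIRELESS_KEY_LEN:
            findings.append(f"{c.name}: wireless encryption key is a vendor default or too short")
    return findings


def audit_inventory(inventory) -> dict:
    """Map each component name to its findings; components with none are omitted."""
    report = {}
    for c in inventory:
        findings = audit_component(c)
        if findings:
            report[c.name] = findings
    return report


def ready_for_deployment(inventory) -> bool:
    """Req. 2.1 gate: nothing goes on the network until every default is gone."""
    return not audit_inventory(inventory)


# Constructed sample inventory (not real device data).
SAMPLE_INVENTORY = [
    Component("pos-01", "pos-terminal",
              accounts={"admin": "admin", "guest": "guest"},
              snmp_communities=["public"]),
    Component("ap-01", "access-point",
              accounts={"admin": "Xq7!v2Lm9#pR"},
              snmp_communities=["r0-Mon-8f3a"],
              wireless_key="password"),
    Component("sw-01", "switch",
              accounts={"netadmin": "Tz4$kW8nQ1!bE"},
              snmp_communities=["r0-Mon-8f3a"]),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(finding)
    print("ready for deployment:", ready_for_deployment(SAMPLE_INVENTORY))
```

Run against the sample inventory, the POS terminal is flagged for its default admin password, its enabled guest account and the "public" community string, the access point for its default wireless key, and the switch passes; `ready_for_deployment` stays false until every finding is cleared, which is the ordering 2.1 requires (defaults changed before, not after, the system joins the network).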
2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
PCI Instruction Guide
© Toast 2018
Page 22 of 44