Common use of Network and Systems Clause in Contracts

Network and Systems. a) All network components, servers and purchased and custom applications that are part of the payment card system must conform to all current PCI-DSS requirements. For more information, visit ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. An outline of the primary principles and requirements follows. Refer to the PCI-DSS (located online at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇) for the detailed elements of each. i. Building and maintaining a secure network 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor supplied defaults for system passwords and other security parameters 2. Encrypt transmission of cardholder data and sensitive information across public networks. iii. Maintaining a Vulnerability Management Program 1. Use and regularly updated anti-virus software 2. Develop and maintain secure systems and applications. iv. Implementing Strong Access Control Measures 1. Restrict access to data by business need to know 2. Assign an unique ID to each person with computer access 3. Restrict physical access to cardholder data v. Regularly Monitoring and Testing Networks 1. Track and monitor all access to network resources and cardholder data 2. Regularly test security systems and processes vi. Maintain a Department Information Security Departmental Policy that addresses information security standards which follows and meets all University Information Security Standards and PCI-DSS requirements.

Network and Systems. a) a. All network components, servers and purchased and custom applications that are part of the payment card system must conform to all current PCI-DSS requirements. For more information, visit ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. An outline of the primary principles and requirements follows. Refer to the PCI-DSS (located online at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇) for the detailed elements of each. i. Building and maintaining Maintaining a secure network 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor supplied defaults for system passwords and other security parameters 2. Encrypt transmission of cardholder data and sensitive information across public networks. iii. Maintaining a Vulnerability Management Program 1. Use and regularly updated anti-virus software 2. Develop and maintain secure systems and applications. iv. Implementing Strong Access Control Measures 1. Restrict access to data by business need to know 2. Assign an unique ID to each person with computer access 3. Restrict physical access to cardholder data v. Regularly Monitoring and Testing Networks 1. Track and monitor all access to network resources and cardholder data 2. Regularly test security systems and processes vi. Maintain a Department Information Security Departmental Policy that addresses information security standards which follows and meets all University Information Security Standards and PCI-DSS requirements.