It is important to start this conversation by saying that PCI DSS encompasses more than Azure Security Center, however Security Center plays a key role on that, as described in the architecture diagram from Azure Security and Compliance Blueprint - PCI DSS-compliant Payment Processing environments article, shown below:
Image extracted from this article
The first step is to understand the PCI DSS requirements, and from there understand the goals and requirements. You should also use the responsibility matrix spreadsheet that has a comprehensive list of requirements, the controls and the implementation details. In this matrix you will also find the PCI DSS Requirements that Security Center can help, which are:
- PCI DSS Requirement 1.1.1
- PCI DSS Requirement 2.2
- PCI DSS Requirement 2.2.3
- PCI DSS Requirement 5.2
- PCI DSS Requirement 5.4
- PCI DSS Requirement 10.6
- PCI DSS Requirements 10.6.1, 10.6.2 and 10.6.3
- PCI DSS Requirement 11.2
- PCI DSS Requirement 11.2.1
- PCI DSS Requirement 11.3
- PCI DSS Requirements 11.3.1, 11.3.2, 11.3.3 and 11.3.4
- PCI DSS Requirement 11.4
Read each one of those requirements above, and notice that under responsibilities, there is a line for customer (PCI-DSS Blueprint), there you will find the example of how Security Center was used to help the fictitious organization Contoso to be compliant with PCI DSS.
from TechNet Blogs https://ift.tt/2HNjsdU
No comments: