Special requirements to meet PA-DSS (PCI) credit card data security standards:
Please be aware that:
If you use an alternate administration interface (e.g. Remote Desktop, LogMeIn, GoToMyPC, CrossLoop) to access your payment processing environment or to make administrative changes, the traffic must be encrypted with a secure encryption technology (e.g. SSH, VPN, or SSL/TLS) to maintain credit card data security compliance.
Do not use remote access solutions requiring “port forwarding” such as VNC and PCAnywhere.
Use two-factor authentication for remote access. Use technologies such as RADIUS, TACACS with tokens, or VPN with individual certificates assigned to each user. Two-factor authentication means that two of the following three things are required: Something the user knows (like a password), something the user has (like a one-time use key) or something the user is (like biometric data).
Develop usage policies for critical employee-facing technologies (for example, remote-access
technologies, wireless technologies, removable electronic media, laptops, personal data/digital
assistants (PDAs), e-mail usage and Internet usage) to define proper use of these technologies for all employees and contractors. Ensure these usage policies require the following:
Explicit management approval to connect any device to your network
Authentication for use of the technology
A list of all such devices and personnel with access
Labeling of devices with owner, contact information, and purpose
Acceptable uses of the technology.
Acceptable network locations for the technologies
List of company-approved products
Automatic disconnect of sessions for remote-access technologies after a specific period of
Activation of remote-access technologies for vendors only when needed by vendors, with
immediate deactivation after use
LogMeIn free or professional client packages meet the data security requirements stated above, as do other remote access technologies, but must be configured for two-factor authentication. For more information, visit LogMeIn at: http://www.LogMeIn.com