PCI DSS 3.0 New requirements – Maintaining an inventory of system components in scope

  • Team Omega
  • March 12, 2014

This is a requirement for sub-control 2.4.  Inventory of systems refer to all hardware and software, virtual or physical within the cardholder data environment (CDE).

This essentially means a list of all the hardware and software used, their purpose in being in the CDE, what they are and why they are there.  Keeping all this information current is key to this particular control.  One of the articles on this requirement talks about, “(including cardholder data locations, personnel with access to cryptographic keys and cardholder data, and firewall rules and justifications)”.  The concern here is that detailed inventorying and maintenance is difficult in a complicated environment with several people in charge of different components of the CDE.   Automation might be key to managing this control.

Which means proper Systems Management. Omega has mastered systems management through automation to help merchants stay on top via a centralized, one pane-of-glass solution — OmegaSecure.  Call us at 636-557-7777 to discuss your environment.  We can help you get started with an initial 30-minute free assessment.