PCI Compliance for Home Users

Business / Enterprise Security Products & Services PCI DSS Compliance
1

Hi All,

This is in reference to identifying Controls acceptable by the PCI council for taking the Home users into PCI scope. Our organisation is already PCI Level 1 certified however with a new upcoming business engagement, we are required to design a model where in the resources would be operating from home and would have access to PII information. What I am looking for a detailed list of controls which needs to be implemented for these home users to comply with the PCI requirement.

Would really appreciate if someone can share a case study or list of controls acceptable by the PCI council.

Thanks in advance for the support.

Sachin

2

It depends if the home users can view / access to full PAN. If yes :

Requirement will be :

1.4 : Personnal firewall
5 : Personnel Antimalware
4.1 : HTTPS
6.1 : security patch managment of the stations
8.3 : Two-factor authentication
12 : Security Awarness and inventory

Mark,
http://www.pci-initiative.org