PCI DSS compliance

1.1.5 Roles for network management

1.1.5 Groups, roles and responsibilities

This part of the PCI DSS standard is less technical in nature, as it focuses on groups, roles and responsibilities of personnel. Main goal is determining the awareness within the organization who is responsible for what area, when it comes to network components. With Linux systems being often used for network filtering or network routing, it is common to find Unix system administrators being responsible for this area, while common network engineers are for the remaining parts.

1.1.5a Documentation of responsibilities

Supporting documentation should clearly state who is responsible for the management of network and firewall components. When using Linux, this is usually done by Unix engineers and could also be documented on the systems itself. Another place is where any configuration files are stored (e.g. versioning control system).

1.1.5b Personnel

To determine the documented responsibilities are still valid, people involved with management of IT systems should be checked. By both interviewing the responsible people and checking documentation, this control can be confirmed.