2,654
edits
(Created page with "<table style="background:#F8FCFF; text-align:center" width="100%" cellspacing="0" cellpadding="0" border="0"> <tr> <td style="padding:0.5em; background-color:#e5e5e5; font-siz...") |
No edit summary |
||
Line 32: | Line 32: | ||
To establish the ability to accept bank card payments, departments should: | To establish the ability to accept bank card payments, departments should: | ||
*Send a written request for authorization to the Controller ([mailto:wlawlor@unmc.edu Bill Lawlor], zip 5080) | *Send a written request for authorization to the Controller ([mailto:wlawlor@unmc.edu Bill Lawlor], zip 5080) | ||
*Contact [mailto:terry.lilla Terry Lilla], the Finance Cashier Office, for bank contact and equipment options information. | *Contact [mailto:terry.lilla@unmc.edu Terry Lilla], the Finance Cashier Office, for bank contact and equipment options information. | ||
*Notify [ | *Notify [mailto:sblum@unmc.edu Susan Blum], Accounts Payable, that the department will be taking bank card payments and of the cost center to which monthly processing transactions will be charged. | ||
== Transmitting Bank Card Payment Receipts to the Finance Cashier and Retaining Bank Card Information == | == Transmitting Bank Card Payment Receipts to the Finance Cashier and Retaining Bank Card Information == | ||
*Bank card machine transactions should be closed out via automatic closing at least once per business day. | *Bank card machine transactions should be closed out via automatic closing at least once per business day. | ||
Line 62: | Line 62: | ||
===Security Parameters=== | ===Security Parameters=== | ||
*Configuration standards are followed for all system components impacting the cardholder data environment. | *Configuration standards are followed for all system components impacting the cardholder data environment. | ||
**Network configuration follows the DISA Security Technical Implementation Guides | |||
*All vendor supplied defaults for system passwords and other security parameters are changed prior to being placed in production. | *All vendor supplied defaults for system passwords and other security parameters are changed prior to being placed in production. | ||
*Only necessary services, protocols, daemons will be enabled as required for the function of the system. Additional security features are implemented for any required services, protocols, or daemons that are considered insecure (i.e. SSH, S-FTP etc.). | *Only necessary services, protocols, daemons will be enabled as required for the function of the system. Additional security features are implemented for any required services, protocols, or daemons that are considered insecure (i.e. SSH, S-FTP etc.). | ||
Line 110: | Line 109: | ||
*All exploitable vulnerabilities found will be remediated. | *All exploitable vulnerabilities found will be remediated. | ||
*Utilize and monitor an intrusion prevention system | *Utilize and monitor an intrusion prevention system | ||
*A change detection mechanism of | *A change detection mechanism of configuration file integrity monitoring is implemented.<br /> | ||
<br /> | |||
For additional information, see [[Bank Card Processing | Bank Card Processing Policy]].<br /> | |||
<br /> | |||
This page maintained by [mailto:dpanowic@unmc.edu dkp].<br /> | |||
<br /> | <br /> | ||
Last Review by Policy Owner: '''06/30/14''' | Last Review by Policy Owner: '''06/30/14''' |