Notices Regarding Departure from Security Best Practice

The intent of this page is to explain how a certain request from you could affect your compliance status. Netsurion feels it is our responsibility to explain the implications of a request that will affect the security and PCI compliance at your location, because such a request will increase the risk of a breach and/or major fines associated with a breach.

  1. As it relates to requesting access to the Internet within the CDE (cardholder data environment), please be aware that any site opened to this network can be dangerous and put your data at risk. You should only open sites if they are critical to your daily operation. Regardless of the type of site, subsequent to any request to open access to/from the Trust network, Netsurion will be unable to guarantee the security of that network.

  2. Using remote access programs such as PCAnywhere, TeamViewer, Ammyy, GoToMyPC, LogMeIn or similar products without implementing the correct two-factor authentication and logging requirements could place your location’s compliance at risk. Even with proper two-factor authentication, allowing remote access exposes your network to whatever security controls are in place where the remote access is initiated. Most of our customers are able to use PCAnywhere, Remote Desktop, or VNC over our secured remote access portal, which includes two-factor authentication. With it, you can use one of these connection methods and others with minimal changes. If you choose to use an alternative remote access method, you agree to assume the risks associated with its use.

It is also highly recommended that you revisit your Self-Assessment Questionnaire (SAQ) and make the necessary adjustments to reflect the new security situation at your location(s).