[cisco-voip] PCI DSS compliance for Cisco IPT/UCCX
Ryan Huff
ryanhuff at outlook.com
Tue Jan 22 07:36:00 EST 2019
At a high level I’d think you’ll need to look into SRTP (aka voice encryption) enabled system-wide, no call recording (which you can’t do with SRTP anyway) and possibly no call monitoring too (at least on the PII calls).
Then adhere to all the physical access rules for servers that store or transmit PII (personally identifiable information).
You may need to research database storage requirements as it relates to PCI. I’m assuming the UCCX environment is what will be dealing with the PII; while UCCX doesn’t have the capacity to outright store CC info, it may be possible that some of that info is captured in logs, depending on how your environment is set up.
You’d have to do a lot of dry runs in the UCCX environment and run all the calling scenarios that interact with PII to ensure traces of it do not get logged.
Obviously nothing can be done to the UCCX database outside of what Cisco supports, like encrypt table values that aren’t encrypted.. etc
Sent from my iPhone
> On Jan 22, 2019, at 01:23, Ki Wi <kiwi.voice at gmail.com> wrote:
>
> Hi Group,
> I have a customer who is querying on how can we make their existing Cisco IPT (with UCCX) PCI DSS compliance since the new upcoming site we are planning to deploy will handle sensitive data such as credit cards information.
>
> Any folks out there have experience doing this?
>
> Do we need voice encryption? Turn on TLS v1.1 ? etc?
>
> --
> Regards,
> Ki Wi
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cb9218ac35b024bba75db08d680321fbe%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636837350098382558&sdata=%2Fb%2BfDpOqy2BHdBZ%2F%2F%2B%2BYB7FyBrE4lznDiRI1dlwChC4%3D&reserved=0
More information about the cisco-voip
mailing list