The general steps included in this work program sample can be used by organizations to examine the security of their credit card processing systems.
Sample work steps include: review firewall standards to ensure that standards include a formal process for all changes, testing, and approval prior to implementation of rule or configuration changes; obtain a network diagram and examine the content to ensure that all connections to systems that hold cardholder data are documented; obtain a network diagram and examined the content/last revised date to ensure that it is current; and obtain copies of company firewall configuration standards.