Educause Security Discussion mailing list archives

PCI DSS Compliance: Secure Systems and Applications


From: "Jensen, Gaylen" <JENSENG () BYUI EDU>
Date: Fri, 12 Sep 2008 09:54:04 -0600

We are trying to become PCI DSS compliant. We have a small programming
staff and are wondering how to comply with some of the programming
requirements without hiring more employees. Specifically (referring to
PCI DSS self-assessment questions):

  1. Separate development, test, and production environments (6.3.2)

  2. Separation of duties between development, test, and production
environments (6.3.3)

  3. Follow change control procedures that include documentation of
impact (6.4.1)

If you have dealt with these issues and could impart some advice, it
would be appreciated!

 

Gaylen Jensen
Information Security Officer
Brigham Young University-Idaho
(208) 496-1081

 

