• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

Security Camera Compliance?

I know this maybe a simple answer, however I am having a hard time finding a formal answer.  But what are the regulations of security cameras in a network when it comes to PCI compliance/Calea?

I know they should be on their own network/vlan, physical security locked etc.  Also police usually likes to see 31 days retention, but is there any official ruling on exact settings for PCI Compliance or standard compliance?
0
tomtom9898
Asked:
tomtom9898
1 Solution
 
Sean JacksonInformation Security AnalystCommented:
Policy on retention is likely going to be dictated by your legal department, should you have one.  To be honest, I've not heard of PCI dictating anything about your video cameras or a CCTV system.  

I would default to your own wisdom and intuitive decisions.  Yes, dedicated VLAN is a great idea, and not having one is a bad one.  Yes, the server that's holding the data should be physically protected from those who don't need-to-know.  I would also run application white listing on the server.  

I would recommend (as much as possible) having your cameras wired, not wireless.  That eliminates a lot of attack vectors right there.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now