Administrative Systems PCI Infrastructure Services Reference

Compliance with the Payment Card Industry's Data Security Standard (PCI DSS) is critical for all merchants who accept credit cards at Stanford University. Administrative Systems (AS) provides infrastructure technical services for PCI DSS compliance to ensure merchants meet the infrastructure compliance requirements. AS provides centralized services of monitoring, patching, anti-virus and logging for workstations that are installed and maintained in a PCI-dedicated secure environment. At the same time, AS also provides the standard IT desktop services for the dedicated PCI workstations to keep them up and running for payment and business needs. For detailed support and services information, please refer to the following information.

Frequently Asked Questions (FAQ)

1. How do I request support for the PCI environment?
2. What are the support hours for the PCI environment?
3. What services are covered by AS?
4. What service is NOT covered by AS?
5. What is the process to obtain remote access to the PCI environment?
6. How do I set up two-step authentication for access to the PCI environment?
7. How do I log in to the secure PCI environment?
8. What is the maintenance schedule for the PCI environment?

1. How do I request support for the PCI environment?

Support requests should be submitted through the Stanford Help Request System, HelpSU. Please use these specific links depending on the request type, as they are not available in the main HelpSU form:

Request Type    Link
PCI Desktop     http://helpsu.stanford.edu/?pcat=pcidesktop
PCI Server      http://helpsu.stanford.edu/?pcat=pciserver

2. What are the support hours for the PCI environment?

Support requests are handled during normal business hours of 8am-6pm, Monday to Friday.
For assistance outside normal business hours or in case of an emergency, support can be obtained by calling on-call support at: 1-888-887-7861, extension 810

Note: Merchants must inform AS at least one week in advance of any critical business periods that require support above and beyond normal business hours. To notify AS, please submit a HelpSU ticket using this link: http://helpsu.stanford.edu/?pcat=pcidesktop

3. What services are covered by AS?

- Build desktop, laptop and server systems using system image specifications agreed to by AS and merchants that are in compliance with PCI DSS standards
- Help integrate merchants' peripherals, such as printers, scanners, copiers, etc., into the PCI environment
- Troubleshoot all AS-deployed PCI hardware and assist merchants with integrating their software into the AS PCI environment
- Work with PCI merchant management to help purchase new hardware and software as needed for the PCI environment
- Work with ITS Networking Team to provide network management and troubleshooting
- Escalate problems that cannot be resolved by local desktop support staff and/or require additional infrastructure investigation by AS Operations, ITS, or other vendor (e.g., network, storage, etc.)
- Meet with merchant management once per quarter (or as needed) to discuss support issues and any other relevant matters related to PCI environment support
- Manage the PCI hardware inventory
- Manage the PCI firewall
- Manage the PCI Merchant Active Directory OU
- Maintain documentation and records of PCI support activities
- Respond to all client PCI help requests that come in via HelpSU

4. What service is NOT covered by AS?

AS does not provide application support for proprietary and merchant-specific point of sale (POS) systems, integrated business applications, and financial software that are specific to individual merchants, such as: Micros, KABA, ClubProphet, Shift4, Paciolan, InforGenesis and ProfitWatch. For needed application support, individual merchants should maintain proper service and support contracts with the respective application providers or vendors.

5. What is the process to obtain remote access to the PCI environment?

To obtain remote access, you will need to submit a request for two-step authentication. Please see: How do I set up two-step authentication for access to the PCI environment?

6. How do I set up two-step authentication for access to the PCI environment?

The PCI environment requires two-step authentication (also known as 2-factor authentication) to log in. The two-step authentication uses the Duo security application. You should have a smartphone or other mobile device to use the application. AS also recommends setting up a landline in case the mobile device has issues or is lost.

Step 1: Request Personal Account Setup

Submit a HelpSU request using this link: http://helpsu.stanford.edu/?pcat=pcidesktop

Include information in the request for both your mobile device and backup office landline. Please provide the following information:

- Full Name
- SUNet ID
- Contact phone number
- Device Name (cell/work/home/etc.)
- Device Type (Mobile or Landline)

For your mobile device, please specify the platform from these choices:

- Android
- Windows Phone
- BlackBerry
- J2ME
- Symbian
- iOS
- Windows Mobile
- BlackBerry 10
- WebOS
- Generic Smartphone

For your mobile device, please specify one of these four authentication methods (note: AS recommends method number 1, Duo Push):

1. Duo Push: Duo sends a login request to your phone. You just tap an Approve button to authenticate.
2. Duo Mobile Passcodes: Duo generates a single-use passcode that you key in (this is similar to Google Authenticator).
3. SMS Passcodes: Duo sends a passcode via text message. You key in the passcode you receive.
4. Phone Callback: Duo calls your phone. You press any key to authenticate.

Step 2: Duo Application Installation and Activation

You will receive 2 messages on your mobile device with instructions for installing and activating the Duo application.

- The first message contains a link to install the Duo application on your device. If you have already installed Duo, you can skip this step.
- The second message activates your device and associates it with the Duo account AS created for you in Step 1. The activation link is good for 24 hours and cannot be shared with other people or devices.

Once you have completed the installation and activation, your Mobile App should look something like this:

[Screenshot: Duo Mobile app after activation]

7. How do I log in to the secure PCI environment?

The PCI environment requires two-step authentication to log in. The two-step authentication uses the Duo security application. If you do not have this application enabled on your smartphone or other mobile device, see: How do I set up two-step authentication for access to the PCI environment?

You connect to the PCI environment via a secure computer known as a bastion host.

Step 1: Use Remote Desktop to connect to host computer

- Open your Remote Desktop Connection program, and enter one of the fully qualified host names:
    pciinfraprd13.pci.stanford.edu
    /or/
    pciinfraprd14.pci.stanford.edu
- Select the Connect button.
- In the Windows Security window, enter:
    pci\pci.your SUNet ID
    your PCI password
- Select the OK button.
- Acknowledge the policy notice by selecting the OK button.

Step 2: Provide your Duo application (two-step) authentication

- You will see an authenticating message.
- Open the Duo application on your mobile device.
- Select the authentication method that was set up for you (in this example, Duo Push).
- Depending on the authentication method used, complete the next step. In the Duo Push method, the Login Request page will display, and you select the Approve button. This will complete the login process.

Step 3: Use Remote Desktop to connect to your host

- Open your Remote Desktop Connection program, and enter the fully qualified host name of your computer (e.g., AS-PCI-SLAC.pci.stanford.edu).
- In the Windows Security window, enter:
    pci\pci.your SUNet ID
    your PCI password
- Select the OK button.
- Acknowledge the policy notice by selecting the OK button.

8. What is the maintenance schedule for the PCI environment?

The following hours are designated for AS to perform normal, non-emergency system maintenance:

- Thursdays 4-6 am
- Saturdays 5-8 am
- Sundays 5-8 am

The PCI environment may not be available during these maintenance windows if work is being performed. Any non-emergency maintenance work that impacts AS PCI merchant services will be communicated at least one week prior to the activity, and will only be scheduled with approval of the merchants. AS will contact merchants as soon as feasible about any emergency unscheduled maintenance or environment outage.