[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems

10.1 If payment application updates are delivered via remote access into customers’ systems, software vendors must tell customers to turn on modem only when needed for downloads from vendor, and to turn off immediately after download completes. Alternatively, if delivered via VPN or other high-speed connection, software vendors must advise customers to properly configure a firewall or a personal firewall product to secure “always-on” connections.

PCI Data Security Standard Requirements 1, 1.3.9 and 12.3.9

Testing Procedures:

10.1 If the vendor delivers payment application and/or updates via remote access to customer networks, examine PA-DSS Implementation Guide prepared by vendor, and verify it contains:

[ul]
[li] Instructions for customers and resellers/integrators regarding secure modem use, per PCI DSS Requirement 12.3.[/li]
[li] Recommendation for customers and resellers/integrators to use a firewall or a personal firewall product if computer is connected via VPN or other high-speed connection, to secure these “always-on” connections, per PCI DSS Requirement 1 or 1.3.9.[/li]
[/ul]