This paper will show that using Intel® Active Management Technology (Intel® AMT, a capability of Intel® vPro™ Technology) provides an effective remote management solution for environments needing to comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. The paper will map Intel AMT capabilities back to the relative PCI DSS requirements and provide some advice about using Intel AMT in common retailer network topologies.
Confusion may arise when moving to structured management solutions such as Intel AMT because it appears to create new PCI DSS challenges, when in fact the implementation preparations are simply exposing latent PCI DSS issues that have somehow missed consideration until this point. If an implementation decision around a management solution appears to be impacted by PCI DSS, an organization should first ask “how are the organization’s tools processes avoiding the same problem today?” As an example, if a debate is raging about whether a central command console is pulled into PCI DSS scope by managing a particular point of sale network, ask the question: who is providing management today to that network, and where are they connecting from? Is today’s solution more or less desirable than using a central command console with rigorous access controls, logging, and auditing? The practical PCI DSS-related benefits of solutions such as Intel AMT typically outweigh ad-hoc or limited feature management solutions.