Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) establishes a common set of requirements for protecting cardholder data. It applies to all entities that store, process or transmit cardholder data, such as retail merchants, payment processors and banks. PCI DSS took effect in January 2005 after being co-written by VISA and MasterCard and endorsed by other leading card providers.
There are 12 requirements for PCI DSS compliance, grouped into six IT control objectives. Each outlines a different area of security best practices, ranging from information security policy development to assessment and monitoring of threats, vulnerabilities and misconfigurations.
In October 2008, the PCI Security Standards Council released version 1.2 of PCI DSS. This release did not introduce any new requirements beyond those in version 1.1, but it contained several general and specific changes for clarification and explanatory purposes.
Some examples of the requirement language and key challenges in PCI DSS v1.2 that NetIQ solutions address include:
- PCI DSS Requirement 2.2: Develop configuration standards for all system components.
- PCI DSS Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- PCI DSS Requirement 6.1: Ensure that all system components and software have the latest vendor-supplied security patches installed.
- PCI DSS Requirement 7: Restrict access to cardholder data by business need-to-know.
- PCI DSS Requirement 8.5: Ensure proper user authentication and password management for non-consumer users and administrators on all system components.
- PCI DSS Requirement 10.5: Secure audit trails so they cannot be altered.
- PCI DSS Requirement 11.5: Deploy file integrity monitoring software to alert personnel of unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
- PCI DSS Requirement 12: Maintain a policy that addresses information security for employees and contractors.
The NetIQ Solution
NetIQ's award-winning and industry-recognized solutions can help organizations establish, and demonstrate on a continuing basis, that the 12 requirements of PCI DSS v1.2 are met. Specific products that assist with PCI DSS compliance efforts include:
- NetIQ PCI Compliance Suite – Configuration management, compliance reporting, event management, incident response, secure logging, and policy creation and distribution for Windows, Unix and IBM System i (iSeries) systems
- NetIQ Secure Configuration Manager – Configuration assessment, compliance reporting and IT risk management for heterogeneous environments (PCI DSS Requirement 2.2)
- NetIQ Security Manager – Integrated security information and event management to protect critical data and streamline incident response
- NetIQ Change Guardian – User activity and change monitoring across Windows systems, Group Policy Objects, Active Directory and databases
- VigilEnt Policy Center – Automated creation, distribution and testing of written security policies
- Security Solutions for iSeries – Simplified auditing, intrusion protection, vulnerability management and security administration for the IBM System i (formerly IBM iSeries or AS/400) platform
- Attachmate Reflection for Secure IT – Encryption, authentication and data integrity to protect data in motion
Individual solutions from NetIQ can be purchased separately and include: