Payment Card Industry Data Security Standard (PCI DSS) Compliance
The Payment Card Industry Data Security Standard (PCI DSS) establishes standard requirements protecting cardholder information. It applies to all entities that store, process or transmit cardholder data, such as retail merchants, payment processors and banks. PCI DSS took effect in January 2005 after being co-written by VISA and MasterCard and endorsed by other leading card providers.
There are 12 requirements for PCI DSS compliance, grouped into six IT control objectives. Each outlines a different area of security best practices, ranging from information security policy development to assessment and monitoring of threats, vulnerabilities and misconfigurations.
In October 2010, version 2.0 of PCI DSS was released by the PCI Security Standards Council. Reflecting input from the Council's global stakeholders, this latest version is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants.
Some examples of the language and key challenges in PCI DSS which our solutions address include:
- PCI DSS Requirement 2.2 Develop configuration standards for all systems components.
- PCI DSS Requirement 4 Encrypt transmission of cardholder data across open, public networks
- PCI DSS Requirement 6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed.
- PCI DSS Requirement 7 Restrict access to cardholder data by business need-to-know
- PCI DSS Requirement 8.5 Ensure proper user authentication and password management for non-consumer users and administrators on all system components.
- PCI DSS Requirement 10.5 Secure audit trails so they cannot be altered.
- PCI DSS Requirement 11.5 Deploy file integrity monitoring software to alert personnel of unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
- PCI DSS Requirement 12 Maintain a policy that addresses information security for employees and contractors
Our PCI DSS Solutions
Our award winning and industry-recognized solutions can help in establishing and ensuring the requirements of PCI DSS are met on a continuing basis. Specific products that assist with PCI DSS compliance efforts include:
- Identity Manager–Enforcement of consistent access controls across physical, virtual and cloud networks, with detailed, dynamic reports so you can prove it
- Sentinel Enterprise–Monitoring and auditing of systems and networks, and creating alerts and reports that meet PCI-DSS process/response requirements
- Access Manager–Single sign-on for enterprise web applications as well as federation for private and public cloud applications without risk to assets.
- Secure Configuration Manager–Configuration assessment, compliance reporting and IT risk management for heterogeneous environments
- Security Manager–Integrated security information and event management to protect critical data and streamline incident response
- Change Guardian–User activity and change monitoring across Windows systems, Group Policy Objects, and Active Directory
- Security Solutions for iSeries–Simplified auditing, intrusion protection, vulnerability management and security administration for the IBM System i (formerly IBM iSeries or AS/400) platform
Welcome, Want to talk to someone? Call our Sales team or request a call and we'll get right back to you.
- Sales: (888) 323-6768
For support information, please visit Technical Support.