Payment Card Industry Data Security Standard (PCI DSS)
The PCI DSS standard consists of 12 requirements grouped under 6 best-practice elements. The requirements were developed jointly by the major credit card companies to establish a single set of rules for every organization that transmits, processes or stores cardholder data.
The following table lists the PCI DSS requirements, the products Information Safe offers in each area, and the specific documents that describe how some of those products fit into PCI DSS.
| Best Practice Element | Requirement | Product(s) | Supporting PCI DSS Document(s) |
|---|---|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data | FortiNet | N/A |
| Build and Maintain a Secure Network | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | SafeNet (2-factor authentication) | Strong Encryption and Authentication; PCI Compliance with SafeNet Products |
| Protect Cardholder Data | 3. Protect stored cardholder data | SafeNet (encryption, key protection and key management) | Strong Encryption and Authentication; Protecting Cardholder Data in e-Commerce Transactions |
| Protect Cardholder Data | 4. Encrypt transmission of cardholder data across open, public networks | FortiNet (SSL/IPSEC); Aruba (wireless); SecureIT (email) | Wireless LANs and PCI Compliance |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software | Sophos | N/A |
| Maintain a Vulnerability Management Program | 6. Develop and maintain secure systems and applications | Sophos NAC + GFI LANguard NSS (ensure systems remain patched); FortiNet (application firewall) | PCI DSS Made Easy |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know | N/A | N/A |
| Implement Strong Access Control Measures | 8. Assign a unique ID to each person with computer access | SafeNet (2-factor authentication) | Strong Encryption and Authentication |
| Implement Strong Access Control Measures | 9. Restrict physical access to cardholder data | Aruba (AP protection); SafeNet (protection against theft) | Wireless LANs and PCI Compliance; PCI Compliance with SafeNet Products |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | GFI EventsManager; Acronis (promptly back up audit trails) | PCI DSS Made Easy |
| Regularly Monitor and Test Networks | 11. Regularly test security systems and processes | N/A | N/A |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security | N/A | N/A |
For more information on the PCI DSS requirements please visit the PCI Security Standards website.