Learn how change control technology helps organizations comply with PCI DSS by tracking changes to critical files, determining if changes are authorized, and selectively preventing unauthorized change. Read this white paper on how you can relieve the burden of out-of-process and other unauthorized changes by using real-time monitoring and selective enforcement software.
MMeeeettiinngg tthhee PPCCII SSttaannddaarrdd
Solidcore Systems, Inc. delivers innovative software solutions that provide capabilities to cost-effectively gain control of its customers ITinfrastructure and realize immediate and tangible value in support of change control, compliance, and security. These benefits enable retailers andother credit card processing entities to significantly reduce the cost of complying with the Payment Card Industry Data Security Standard (PCIDSS). This white paper describes how Solidcore automates data collection for, and validation and enforcement of, IT controls in the PCI DataSecurity Standard.
Overview ambiguous ones in the 1.0 release. As of January 1, 2007 allnew certifications and newly initiated re-certifications are to beIdentity theft and credit card fraud is a large and growing based on DSS version 1.1.problem. The Federal Trade Commission estimates that almost10 million consumers were affected last year, at a cost of close Like all compliance programs, PCI consists of two separateto $50 billion. In order to combat this growing menace, Visa, components, both of which must be implemented in order toMasterCard, American Express, Diners Club, Discover and be PCI compliant:other major credit card providers have joined together tointroduce a compliance standard - the Payment Card Industry 1. Compliance with PCI requirements, and(PCI) Data Security Standard. The standard unites and 2. Validation of PCI complianccccceeeeesupersedes the individual compliance standards such as Visa'sCISP and MasterCard's SDP standards. Each of these components is discussed in more detail below.
This program is intended to protect cardholder data wherever PCI Requirementsit resides, ensuring that members, merchants and serviceproviders maintain the highest levels of information security. The PCI DSS mandates that all merchants follow the twelvethThe PCI standard came into effect on December 14 , 2004, requirements, listed in the following table. In addition, there isand merchants and service providers were originally required an implicit thirteenth requirement to verify compliance with thethto be PCI compliant by June 30 , 2005..... The PCI Security PCI DSS - often overlooked but an integral part of any PCIStandards Council released DSS standard version 1.1 in compliance program.September 2006 to tighten certain requirements and clarifyMeeting the PCI Standard
PPPPPCCCCCIIIII RRRRReeeeeqqqqquuuuuiiiiirrrrreeeeemmmmmeeeeennnnntttttsssss Participating merchants must pay for their own PCI compliance1 Install and maintain a firewall configuration to protect assessment, and the cost of compliance depends on the extentdata to which they are already in a compliant state. A level 1 merchant2 Do not use vendor-supplied defaults for passwords needs to submit an annual RRRRReeeeepppppooooorrrrrttttt ooooonnnnn CCCCCooooommmmmpppppllllliiiiiaaaaannnnnccccceeeee, validatedand security parameters by an approved independent auditor, or by an internal audit3 Protect stored cardholder data department, provided that a letter signed by an executive-level4 Encrypt transmission of cardholder data and sensitive officer of the company accompanies the report.information across public networks5 Use and regularly update anti-virus software For level 1 merchants required to undergo an annual compliance6 Develop and maintain secure systems and review, the scope of validation is focused on systems or systemapplications components related to authorization and settlement where7 Restrict access to data by business "need to know" cardholder data is processed, stored, or transmitted.8 Assign unique ID to each person with computeraccess9 Restrict physical access to cardholder data Solidcore Enforcement: A Powerful Differentiator10 Track and monitor all access to network resourcesand cardholder data In addition to words like "track" and "monitor", the PCI DSS11 Regularly test security systems and processes and other regulatory standards use words like "restrict", "deny",12 Maintain a policy that addresses information security "disable", "limit", "protect", and "ensure" to describe specificcontrols that apply to infrastructure components (servers,The requirement to verify PCI compliance is discussed in more applications, network devices, data sets, etc.) that are includeddetail in the next section. in or connected to the cardholder enviro... [download for more]
