Meeting and Exceeding PCI 1.1 Compliance Today

White Paper
www.securecomputing.com
®Secure Computing has been solving Meeting and exceeding PCI 1.1 compliance todaythe most difficult network and application security challenges for over 20 years, and is uniquely qualified to be the global security solutions provider to organizations of all sizes.
Table of contentsOverview........................................................................................................................................2Who is impacted?...........................................................................................................................2Secure Computing portfolio...........................................................................................................3Secure Computing for basic PCI compliance..................................................................................3Over and above the basics.............................................................................................................4Penalties.........................................................................................................................................5Conclusion.....................................................................................................................................5
Secure Computing CorporationCorporate Headquarters4810 Harwood RoadSan Jose, CA 95124 USATel +1.800.379.4944Tel +1.408.979.6100Fax +1.408.979.6501European HeadquartersNo 1 The ArenaDownshire WayBracknellBerkshire, RG12 1PU UKTel +44.0.870.460.4766Fax +44.0.870.460.4767Asia/Pac Headquarters1606-8 MLC Tower248 Queen's East RoadWan Chai Hong KongTel +852.2598.9280Fax +852.2587.1333Japan HeadquartersShinjuku Mitsui Bldg. 2, 7FNishi-Shinjuku 3-2-11Shinjuku-ku, Tokyo, 160-0023JapanTel +81.3.5339.6310Fax +81.3.4496.4537
© 2007 Secure Computing Corporation. All Rights Reserved. Bess, enterprise strong, IronMail, MobilePass, PremierAccess, SafeWord, Secure Computing, SecureOS, SecureSupport, Sidewinder G2, SmartFilter, SofToken, Strikeback, Type Enforcement, CyberGuard, and Webwasher are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. Access begins with identity, Anti-Virus Multi-Scan, Anti-Virus PreScan, Application Defenses, Compliance, Dynamic Quarantine, Edge, Encryption, G2 Enterprise Manager, Global Command Center, IronIM, IronNet, Live Reporting, Message Profiler, MethodMix, On-Box, Outbreak Defender, Power-It-On!, Radar, RemoteAccess, SecureEdge, Secure Encryption, SecureWire, SmartReporter, SnapGear, SpamProfiler, Threat Response, Total Stream Protection, TrustedSource,TrustedSource Portal, Webmail Protection, ZAP, and ZombieAlert are trademarks of Secure Computing Corporation. All other trademarks used herein belong to their respective owners.This paper discusses how Secure Computing's portfolio of security solutions can help enterprises exceed the basic compliance requirements of the Payment Card Industry Data Security Standards requirements (PCI), version 1.1.
OverviewVisa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards based on CISP (Cardholder Information Security Policy), and known as the Payment Card Industry www.securecomputing.com Data Security Standard (PCI). All merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, are required to be compliant with PCI or face contract penalties or even termination by the credit card issuers. The primary purpose of this standard is to protect credit card data by reducing fraud and theft. The PCI standard seeks to accomplish this through a "defense-in-depth" strategy. There are six primary areas covered by PCI, divided into 12 requirements:Build and maintain a secure network1. Install and maintain firewall configurations2. Do not use vendor-supplied or default passwordsProtect cardholder data3. Protect stored data4. Encrypt transmissions of cardholder data across public networksMaintain a vulnerability management program5. Use and regularly update anti-virus software6. Develop and maintain secure systems and applicationsImplement Strong Access Control Measures7. Restrict access to "need-to-know"8. Assign unique IDs to each person with computer access9. Restrict physical access to cardholder dataRegularly monitor and test networks10. Monitor and tr... [download for more]