PCI DSS Compliance

What is it and why?

The PCI (Payment Card Industry) Data Security Standard was put in place to safeguard credit card information and client details, thereby restoring customers' confidence in providing this information either online or at the merchant's store. In more technical terms, it is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The standard defines how cardholder data and card authentication data, including the Primary Account Number (PAN), must be stored and/or transmitted.

There are 12 Requirements, broken into 6 categories:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for employees and contractors

Requirement 10

Log files hold the key to tracking and monitoring access throughout the network: every request is stored on the computers within your network. SNARE has been designed to collect from any device – routers, firewalls, switches and computers. Once this data is collected, it is placed on the server, where the organization can run customizable reports providing information such as user login/logoff, logins/logoffs after hours, failed logins and access to sensitive information.

When used with the SNARE Agents, the information is transmitted in near real time. SNARE Agents have been designed for a wide variety of operating systems and applications. Using the SNARE Agents reduces the volume of log data so that only the events relevant to you and your PCI auditor are collected, while the log files are retained on the host system. The SNARE Enterprise Agents allow for additional security and reliability, using such features as encryption, TCP with caching and the ability to send to multiple IP addresses.

When configured to report for PCI, a large library of predefined reports is provided within a single dashboard on SNARE. Reports can be supplied as often as hourly and as infrequently as yearly, depending on your requirement.
