PCI-DSS Audits

Securing Your Network for Credit Card Transactions

Since 2004, the major credit card companies have cooperated on the implementation of a common data security standard called the Payment Card Industry Data Security Standard (PCI-DSS). The PCI standards provide guidelines for organizations that process card payments in order to help them prevent credit card fraud, cracking and other security threats.

Tufin SecureTrack helps organizations meet the requirements relating to network security, data safety, access control, and accountability. SecureTrack’s PCI-DSS 2.0 audit report makes it fast and simple to prepare for an internal or external audit. With in-depth information about the company’s PCI compliance level, the audit report shows where improvements are needed and recommends how to address them. The PCI-DSS audit centralizes many of the capabilities of SecureTrack in one convenient feature to make it easier than ever to comply with PCI-DSS 2.0.

Implement, Monitor and Demonstrate Compliance

The following table summarizes the PCI-DSS requirements, and explains briefly how Tufin SecureTrack helps organizations achieve compliance with each requirement. For more information about each of the PCI requirements, download the PCI-DSS white paper.

| PCI-DSS Requirement | SecureTrack Solution |
| --- | --- |
| Install and maintain a firewall configuration to protect cardholder data | SecureTrack’s PCI-DSS automated audit report makes use of SecureTrack’s comprehensive security operations management capabilities. SecureTrack enables operations teams to increase network security and automate day-to-day tasks with powerful change tracking and risk analysis capabilities. |
| Do not use vendor-supplied defaults for system passwords and other security parameters | SecureTrack’s PCI-DSS audit report enables administrators to test firewall rule bases and ensure that relevant configuration parameters were modified from their factory default settings. The automated audit integrates industry best practices and analyzes firewall policies for correct usage of configurable security parameters. |
| Protect stored cardholder data | SecureTrack helps improve your firewall policy and rule base security, providing increased protection of stored data by organizational firewalls. |
| Encrypt transmission of cardholder data and sensitive information across open public networks | SecureTrack’s Policy Analysis and auditing tools can be used to verify that encryption is being used for relevant cardholder data connections. |
| Develop and maintain secure systems and applications (includes installing the latest security patches) | SecureTrack’s customizable reports indicate which firewalls have been updated with the latest software versions. |
| Restrict access to data by business need-to-know | Policy Analysis can be used to proactively search for potential security holes while SecureTrack’s change tracking, alerts and audit reports will reveal unauthorized access. SecureTrack provides thorough accountability and a detailed audit trail for all configuration changes. |
| Assign a unique ID to each person with computer access | SecureTrack’s detailed change tracking identifies who made each change in the firewall policy, and the machine from which the change was made. |
| Track and monitor all access to network resources and cardholder data | SecureTrack maintains a detailed, read-only audit trail with full accountability for all configuration changes to supported devices. |
| Regularly test security systems and processes | Detailed reporting and analysis tools allow for periodic testing and examination of multiple security devices. Audit reports compare device configuration against industry regulations and best practices. |
| Maintain a policy that addresses information security for all personnel | SecureTrack helps assess PCI-DSS requirements as they are implemented within the organization and highlights changes required in order to maintain compliance. |
Copyright © 2003-2012 Tufin Software Technologies Ltd.