Since 2004, the major credit card companies have cooperated on the implementation of a common data security standard called the Payment Card Industry Data Security Standard (PCI-DSS). The PCI standards provide guidelines for organizations that process card payments in order to help them prevent credit card fraud, cracking and other security threats. For more information, download the complete PCI-DSS white paper.
As part of a comprehensive PCI compliance program, Tufin SecureTrack can help organizations meet the requirements relating to network security, data safety, access control, and accountability.
SecureTrack’s PCI-DSS audit report makes it fast and simple to prepare for an internal or external audit. With in-depth information about the company’s PCI compliance level, the PCI-DSS audit report shows where improvements are needed and recommends how to address them. The PCI-DSS audit centralizes many of the capabilities of SecureTrack in one convenient feature to make it easier than ever to comply with PCI-DSS.
The following table summarizes the PCI-DSS requirements, and explains briefly how Tufin SecureTrack 5.0 helps organizations achieve compliance with each requirement.
| # | PCI-DSS Requirement | SecureTrack Solution |
|---|---|---|
| 1 | Install and maintain a firewall to protect data | SecureTrack’s PCI-DSS automated audit report makes use of SecureTrack’s comprehensive security operations management capabilities. SecureTrack enables operations teams to increase network security and automate day-to-day tasks with powerful change tracking and risk analysis capabilities. |
| 2 | Do not use vendor-supplied defaults for system passwords and other security parameters | SecureTrack’s PCI-DSS audit report enables administrators to test firewall rule bases and ensure that relevant configuration parameters were modified from their factory default settings. The automated audit integrates industry best practices and analyzes firewall policies for correct usage of configurable security parameters. |
| 3 | Protect stored data | SecureTrack helps improve your firewall policy and rule base security, providing increased protection of stored data by organizational firewalls. |
| 4 | Encrypt transmission of cardholder data and sensitive information across public networks | SecureTrack’s Policy Analysis and auditing tools can be used to verify that encryption is being used for relevant cardholder data connections. |
| 6 | Develop and maintain secure systems and applications (includes installing the latest security patches) | SecureTrack’s customizable reports indicate which firewalls have been updated with the latest software versions. |
| 7 | Restrict access to data by business need-to-know | Policy Analysis can be used to proactively search for potential security holes while SecureTrack’s change tracking, alerts and audit reports will reveal unauthorized access. SecureTrack provides thorough accountability and a detailed audit trail for all configuration changes. |
| 8 | Assign a unique ID to each person with computer access | SecureTrack’s detailed change tracking identifies who made each change in the firewall policy, and the machine from which the change was made. |
| 10 | Track and monitor all access to network resources and cardholder data | SecureTrack maintains a detailed, read-only audit trail with full accountability for all configuration changes to supported devices. |
| 11 | Regularly test security systems and processes | Detailed reporting and analysis tools allow for periodic testing and examination of multiple security devices. Audit reports compare device configuration against industry regulations and best practices. |
| 12 | Maintain a policy that addresses information security | SecureTrack helps assess PCI-DSS requirements as they are implemented within the organization and highlight changes required in order to maintain compliance. |