Payment Card Industry – Data Security Standard (PCI DSS)
PCI DSS protects payment card and consumer data wherever it is stored, processed or transmitted in the course of a transaction.
Cardholder data includes the PAN (Primary Account Number) together with the cardholder name, service code and expiration date.
Scope: global; applies to all entities that store, process or transmit cardholder data.
Breach notification: to the payment card brand within 24 hours (MasterCard) or immediately (all others).
Penalties: significant fines (up to $100,000 per month per violation), loss of payment card acceptance capabilities, and increased fees.
The following maps each relevant PCI DSS requirement to an encryption discussion and the corresponding WinMagic solution.
Requirement 3: Protect Stored Cardholder Data
Encryption discussion: Strong encryption and key management are critical to cardholder data protection:
• Requires robust and secure key generation, storage and distribution (3.6.1, 3.6.2, 3.6.3)
• If disk encryption is used, logical access controls must be managed separately and independently of the native OS authentication and access control mechanisms (3.4.1)
WinMagic solution: SecureDoc Enterprise Server Intelligent Key Management delivers secure key generation, storage and distribution. SecureDoc Pre-Boot Authentication operates and is managed independently of native OS authentication and access control mechanisms.
Requirement 7: Restrict Access to Cardholder Data by Business Need to Know
Encryption discussion: Role-based access controls and robust authentication are required to restrict access to cardholder data.
WinMagic solution: SecureDoc Enterprise Server (SES) integrates with Active Directory and synchronizes users and user groups to enforce policies and access controls for endpoint devices, virtual machines and servers.
Requirement 8: Identify and Authenticate Access to System Components
Encryption discussion: Users must be uniquely identifiable and accountable for authentication and access to cardholder data on systems and devices.
WinMagic solution: SecureDoc Pre-Boot Authentication offers identifiable user-based authentication and event logging for accountability.
Requirement 10: Track and Monitor Access to Network Resources and Cardholder Data
Encryption discussion: Audit logs are critical to preventing, detecting and minimizing the impact of data loss or exposure.
WinMagic solution: The SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view of audit logs and compliance reports.
PCI DSS Cloud Computing Guidelines
Encryption discussion: Protection of cardholder data is a shared responsibility between the merchant and the cloud IaaS provider.
WinMagic solution: SecureDoc CloudVM protects virtual and cloud IaaS workloads with enterprise-controlled encryption and key management.