Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions.

Major PCI DSS Requirements

| Control Objectives | PCI DSS Requirements |
| --- | --- |
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data<br>2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data<br>4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware<br>6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know<br>8. Assign a unique ID to each person with computer access<br>9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data<br>11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |

XpoLog PCI DSS Reports

Log management helps companies meet compliance mandates like PCI. XpoLog's agentless, non-intrusive software helps companies collect, access, monitor, analyze and report on all logged data to become compliant quickly. Major PCI reports in XpoLog:

| Report | PCI DSS Requirement | Requirement Text |
| --- | --- | --- |
| User Logon / Logoff | 10.2.1 | All individual user accesses to cardholder data |
| Individual User Action report | 10.1, 10.2.2 | Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user. All actions taken by any individual with root or administrative privileges |
| Audit Policy Changes report | 10.2.3 | Access to all audit trails |
| Logon Failure report | 10.2.4 | Invalid logical access attempts |
| Audit Logs Access report | 10.2.6 | Initialization of the audit logs |
| Objects Access report | 10.2.7 | Creation and deletion of system-level objects |

Based on PCI DSS Regularly Monitor and Test Networks, Requirements 10 and 11

Customer success stories

Cinnober Financial Technologies
Per-Anders Hall-Bedman, Head of New Markets and Alliances

"XpoLog saves our teams hours of work every day. The log analysis was a major delayer in our troubleshooting and now it's the first thing we do."