PCI

What does PCI DSS compliance mean?

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers' payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they're protected against the pain and cost of data breaches.

How to Be CompliantGetting Started with PCI Data Security Standard Compliance

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. You can find out your exact compliance requirements only from your payment brand or acquirer. However, before you take action, you may want to obtain background information and a general understanding of what you will need to do from the information and links here.

The PCI DSS follows common-sense steps that mirror security best practices. There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process.

  • Assess : identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
  • Remediate : fix vulnerabilities and do not store cardholder data unless you need it.
  • Report : compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.
PCI Secure Network Infrastructure
Requirements Solutions
Install and maintain a firewall configuration to protect cardholder data. This requirement mandates the need to implement a sound firewall infrastructure to protect cardholder data from external access. Axxera Security Consulting team can perform an assessment to identify the state of your current firewall and network architecture, identify any gaps, recommend solutions to these gaps and implement the changes necessary.
Axxera SIEM Product
Security Consulting
Managed Firewall
IDS / FIrewall / Log Monitoring
Do not use vendor-supplied defaults for system passwords and othersecurity parameters. This requirement dictates that organizations must use sound password policies, such as not using vendor-supplied passwords, and wireless and infrastructure configuration standards. Axxera' Security Consulting Services can help you meet this requirement by conducting a Vulnerability Assessment of your environment to identify any weaknesses in your configuration practices, including weak passwords, unnecessary services and rogue web servers.
Axxera SIEM Product
Security Consulting
Vulnerability Scanning
Protect  Data
Protect stored cardholder data. This requirement mandates rendering stored cardholder data unreadable if possible or implementing other compensating controls, such as preventing Web application attacks. Axxera' Security Consulting Services can help you classify your assets and the data residing in them and help formulate a data protection strategy appropriate to your infrastructure.
Security Consulting
Managed Intrusion Prevention and Detection
Axxera SIEM Product
Encrypt transmission of cardholder data across open, public networks. This requirement calls for all cardholder data to be encrypted during transmission over public or untrusted networks. Axxera' Security Consulting Services can help you meet this requirement by assessing your current infrastructure to ensure all VPNs and wireless networks are configured properly to encrypt sensitive data, as well as identify any gaps in your data transmission flows that may leave sensitive information unencrypted.
Axxera SIEM Product
Security Consulting
Managed Firewall
Email Encryption
 Vulnerability Management 
Use and regularly update anti-virus software or programs. This requirement mandates the use of anti-malware solutions to prevent all known types of malicious software from impacting your critical systems. Axxera Intrusion Prevention and Detection Service with our CI Sensor can provide an additional layer of defense against these types of attacks. Our experts will manage this infrastructure to ensure it is properly tuned and has the latest definitions, as well as monitor these devices in real-time, 24x7x365 for any signs of attack.
Axxera SIEM Product
Managed Intrusion Prevention and Detection
IDS / FIrewall / Log Monitoring
Develop and maintain secure systems and applications. This requirement mandates the need to ensure your environment maintains current patch levels, you adhere to secure coding practices and that all Web applications undergo periodic Web application assessments. Axxera' Security Consulting Services can help you meet this requirement by conducting periodic vulnerability assessments to ensure the security of your environment, perform Web application assessments to identify any areas of concern across your web-facing infrastructure, including vulnerabilities that may lead to cross-site scripting attacks and buffer overflows etc.
  Security Consulting
Vulnerability Scanning
Axxera SIEM Product
Access Control 
Restrict access to cardholder data by business need-to-know. This requirement mandates the need for organizations to implement proper identity and access management across systems that house cardholder information. Axxera' Security Consulting Services can help you meet this requirement by working with your team to classify your systems and identify those that house cardholder information. Our consultants can then help your organization design an appropriate identity and access management strategy. The Security Consulting team can also assess your infrastructure to ensure the proper access controls have been implemented in accordance with this PCI requirement.
  Axxera SIEM Product
Security Consulting
IDS / FIrewall / Log Monitoring
Assign a unique ID to each person with computer access. This requirement mandates the need to ensure that actions taken by known and authorized individuals with computer access can be monitored and traced. Axxera' Security Consulting Services can help you meet this requirement by working with your team to develop and implement proper policies and procedures for assigning unique IDs and authentication measures. The Security Consulting team can also assess your identification and authentication measures to ensure their effectiveness in protecting cardholder data and complying with PCI requirements for password management and authentication.
Security Consulting
IDS / FIrewall / Log Monitoring
Axxera SIEM Product
Restrict physical access to cardholder data. This requirement dictates that organizations implement appropriate physical security controls
Security Consulting
Axxera SIEM Product
Network Monitoring 
Track and monitor all access to network resources and cardholder data. This requirement calls for companies to implement logging mechanisms across all network, security and server infrastructure that houses or handles cardholder information and monitor the logs for any violations. Axxera' Log Monitoring Service provides real-time log aggregation, correlation and analysis across any security device or critical information asset. All logs and alerts are monitored in real-time, 24x7x365 by security experts to identify known and unknown threats or unusual user behavior. Any malicious activity identified is immediately responded to before damage is done.
Axxera SIEM Product
IDS / FIrewall / Log Monitoring
Log Retention
Regularly test security systems and processes This requirement mandates that organizations periodically test their systems and protect them through vulnerability scans, penetration testing, intrusion prevention and detection.
Axxera SIEM Product
Security Consulting
Vulnerability Scanning
Managed Intrusion Prevention and DetectionManaged
Host Intrusion Prevention
IDS / FIrewall / Log Monitoring
 Implement Security Policy 
Maintain a policy that addresses information security for employees and contractors. This requirement dictates that organizations must create an information security policy that is kept up-to-date and addresses all the security requirements in the PCI DSS, as well as operational security, system usage, security management, security awareness and incident response. Axxera' Security Consulting Services can help you address this requirement by working with your team to create a robust, effective information security policy that addresses all the requirements of this section and the PCI DSS as a whole.
  Security Consulting
IDS / FIrewall / Log Monitoring