The PCI Security Standards Council (PCI SSC), founded by the major card brands, maintains PCI DSS, the Payment Card Industry Data Security Standard: a set of requirements for protecting cardholder data wherever it is transmitted, processed or stored. PCI DSS is enforced by the card brands and acquiring banks, which can impose substantial fines and penalties, up to and including suspension of payment card processing privileges.
Any organization that accepts payment cards or processes card data must validate its compliance with PCI DSS. Because validation is an annual assessment, PCI DSS is an ongoing challenge rather than a one-time project: the organization has to keep a complex, constantly changing IT environment within the requirements continuously, not just in the weeks before the assessor arrives.
Centrify addresses this challenge with a scalable, non-intrusive approach to PCI DSS and other compliance regimes. The Centrify Suite ensures that new servers and applications, virtual or physical, are secured, controlled and managed consistently as they are brought online.
| Suite Edition | Products | PCI DSS Requirement |
|---|---|---|
| Platinum | DirectSecure | 1. Install and maintain a firewall configuration to protect cardholder data; 4. Encrypt transmission of cardholder data across open, public networks |
| Enterprise | DirectAudit, DirectControl | 10. Track and monitor all access to network resources and cardholder data |
| Standard | DirectAuthorize, DirectControl | 2. Do not use vendor-supplied defaults for system passwords and other security parameters; 7. Restrict access to cardholder data by business need-to-know; 8. Assign a unique ID to each person with computer access |
Below is an overview of how Centrify addresses six of the twelve major PCI DSS requirements, the ones that fall to corporate IT staff (requirements 1, 2, 4, 7, 8 and 10). For a detailed, point-by-point analysis, request our free PCI white paper.
Requirement 1 (install and maintain a firewall configuration to protect cardholder data). Section 1.2 in particular states that organizations must "Build a firewall configuration that restricts connections between untrusted networks and any system components in the cardholder data environment." Centrify DirectSecure, a server isolation and protection solution, gives organizations a simpler, software-based approach: it dynamically isolates the servers subject to PCI audit so that they can communicate only with other trusted computers, enforced on the hosts themselves rather than at a network choke point. Beyond being easier to deploy than a purely perimeter-firewall design, this lets organizations reduce the scope, and thus the cost, of PCI audits by focusing the assessment on the isolated systems rather than every system in the environment. The scope reduction holds only if the assessor accepts the isolation as adequate segmentation, so the isolated hosts still have to be shown to be unreachable from out-of-scope systems.
Requirements 2 (no vendor-supplied defaults) and 8 (a unique ID for each person with computer access). Centrify authenticates users with their Active Directory credentials, governed by the password policies configured in Active Directory, so every user logs in with an individual credential and no system can be reached with a default or weak local password. Requirement 2 also mandates that all non-console administrative access be encrypted. Centrify with OpenSSH covers both points: Kerberos (GSSAPI) authentication gives single sign-on with the user's domain ticket, and the SSH transport encrypts the administrative session end to end.
Requirement 4 (encrypt transmission of cardholder data across open, public networks). Centrify's solution for encrypting data in motion is particularly cost-effective for retailers who must move cardholder data from branch stores to a corporate data center. Instead of relying on expensive private lines, they can send it across the Internet under the strong authentication and encryption of IPsec. Requirement 4 asks for strong cryptography, so the IPsec policy should be pinned to strong algorithms rather than left at permissive defaults.
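The SSH settings that the previous paragraph depends on are easy to check on each host. Below is an added example, not Centrify's or OpenSSH's own code, that audits an sshd_config the way sshd actually reads it (case-insensitive keywords, first value wins, everything after a Match line conditional) and reports the directives that would undermine named, Kerberos-authenticated administrative access. The sample configurations are constructed for the example, and the sshd defaults listed in CHECKS (those of OpenSSH 7.x and later) and the UsePAM requirement (assumed here because AD password policy is enforced through PAM) are stated assumptions.

```python
"""Audit an sshd_config for the settings PCI DSS requirements 2 and 8 rely on.

Added example; not Centrify's or OpenSSH's code.  It models how sshd reads
its configuration and flags directives that would let an administrator
bypass named, Kerberos-authenticated access.
"""
import re

# sshd semantics this audit relies on:
#  * keywords are case-insensitive, written as "Key value" or "Key=value";
#  * for every keyword the FIRST value read wins; later repeats are ignored;
#  * everything after a Match line is conditional and not covered here.
def parse_sshd_config(text):
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)               # first value wins
    return settings

# (directive, required value, default applied when absent, reason).
# Defaults are an assumption for this example (OpenSSH 7.x+ compiled-in).
CHECKS = [
    ("permitrootlogin", "no", "prohibit-password",
     "req. 8: root is a shared ID; log in as a named AD user and elevate"),
    ("permitemptypasswords", "no", "no",
     "req. 2: an empty password is the weakest vendor default"),
    ("gssapiauthentication", "yes", "no",
     "req. 8: the Kerberos ticket binds the session to one AD account"),
    ("usepam", "yes", "no",
     "assumption: AD password policy is enforced through the PAM stack"),
]

def audit_sshd_config(text):
    """Return a list of (directive, effective_value, required_value, reason)."""
    settings = parse_sshd_config(text)
    findings = []
    for key, required, default, reason in CHECKS:
        effective = settings.get(key, default)
        if effective != required:
            findings.append((key, effective, required, reason))
    return findings

# Constructed sample configs for the example (not taken from any real host).
VENDOR_DEFAULT_CONFIG = """
# a shipped sshd_config: everything still at the vendor default
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""

HARDENED_CONFIG = """
# Kerberos (GSSAPI) single sign-on from the Active Directory domain
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
# no empty passwords, no shared root sessions
PermitEmptyPasswords no
PermitRootLogin no
Subsystem sftp /usr/lib/openssh/sftp-server
"""

# Looks hardened on a skim but is not: sshd keeps the first PermitRootLogin
# it sees, so the later "no" never takes effect.
FIRST_VALUE_WINS_CONFIG = """
PermitRootLogin yes
GSSAPIAuthentication yes
UsePAM yes
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, cfg in [("vendor default", VENDOR_DEFAULT_CONFIG),
                      ("hardened", HARDENED_CONFIG),
                      ("first-value-wins", FIRST_VALUE_WINS_CONFIG)]:
        findings = audit_sshd_config(cfg)
        print(f"{name}: {'compliant' if not findings else ''}")
        for key, got, want, reason in findings:
            print(f"  {key}={got!r}, need {want!r}  [{reason}]")
```

The first-value-wins case is the one worth remembering: a reviewer who greps for `PermitRootLogin no` and stops will approve a host that still accepts root logins. Check the effective configuration (`sshd -T` on a live host) rather than the presence of a line.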
Requirement 7 (restrict access to cardholder data by business need-to-know). At the heart of many publicly acknowledged PCI DSS breaches is the handling of superuser privileges on systems holding customer information such as card numbers. With the Centrify Suite, each administrator or other staff member is granted role-based access and privileges under a least-privilege model. For example, a backup operator can be given the right to log in to a Linux or UNIX database server and run the backup without any other privilege, in particular without the unrestricted root shell that would also expose the customer data itself. A server or group of servers can have its own distinct set of authorized users, administrators, and security and configuration policies.
Corporate IT security administrators link those access rights and privileges to a user's Active Directory account. Users log in with their individual Active Directory account, never with root or another shared superuser account, and automatically receive the rights and privileges of their role.
Requirement 10 (track and monitor all access to network resources and cardholder data). The Centrify Suite can comprehensively log user activity on a system and, once again, tie each action back to a unique Active Directory account, so the audit trail shows which person did what rather than merely that "root" did it.
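To show what "tied back to a unique account" buys an investigator, here is an added example for requirements 7, 8 and 10 together; it is not DirectAudit's code and uses OpenSSH and sudo syslog lines as stand-ins for the audited session and the privilege elevation. It attributes every root-level command to the named user who ran it and flags the two events that break the one-person-one-ID chain: a direct root login, and an elevation to an unrestricted root shell by a role that was only meant to run a backup. The log lines are constructed for the example; the set of shell programs is an assumption.

```python
"""Attribute privileged activity on a UNIX host to a named user (PCI DSS req. 7, 8, 10).

Added example, not Centrify DirectAudit's code.  It reads syslog lines from
OpenSSH and sudo (stand-ins for the audited session and the elevation),
records how each session was authenticated, ties each root-level command to
the account that ran it, and flags direct root logins and elevations to an
unrestricted root shell.
"""
import re
from collections import defaultdict

# OpenSSH: "Accepted <method> for <user> from <addr> port <n> ssh2"
SSHD_ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")
# sudo:   "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>"
SUDO_COMMAND = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Programs that hand the caller an interactive root shell (assumed list);
# an elevation to any of these is full root and defeats a narrow role.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/su", "/bin/su"}

def analyse(lines):
    """Return (logins, commands, alerts).

    logins:   {user: [(auth_method, source_addr), ...]}
    commands: {user: [(run_as, command), ...]}
    alerts:   human-readable findings, in input order
    """
    logins, commands, alerts = defaultdict(list), defaultdict(list), []
    for line in lines:
        m = SSHD_ACCEPTED.search(line)
        if m:
            logins[m["user"]].append((m["method"], m["src"]))
            if m["user"] == "root":
                alerts.append(f"direct root login from {m['src']} "
                              "(req. 8: root is a shared ID, not a person)")
            continue
        m = SUDO_COMMAND.search(line)
        if m:
            cmd = m["cmd"].strip()
            commands[m["user"]].append((m["target"], cmd))
            prog = cmd.split(maxsplit=1)[0] if cmd else ""
            if m["target"] == "root" and prog in SHELLS:
                alerts.append(f"{m['user']} opened a root shell via sudo ({cmd}) "
                              "(req. 7: exceeds the role's least privilege)")
    return dict(logins), dict(commands), alerts

# Constructed sample log lines for the example (not from any real system).
SAMPLE_LOG = """\
Mar  3 02:15:07 db01 sshd[2411]: Accepted gssapi-with-mic for jsmith from 10.10.4.22 port 51234 ssh2
Mar  3 02:15:31 db01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/pg_dump -U postgres cards
Mar  3 02:16:02 db01 sudo:   jsmith : TTY=pts/0 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/pg_dump -U postgres -s cards
Mar  3 03:40:19 db01 sshd[2590]: Accepted password for root from 10.10.9.8 port 40122 ssh2
Mar  3 04:02:44 db01 sshd[2702]: Accepted gssapi-with-mic for bkane from 10.10.4.31 port 50112 ssh2
Mar  3 04:03:10 db01 sudo:    bkane : TTY=pts/1 ; PWD=/home/bkane ; USER=root ; COMMAND=/bin/bash
""".splitlines()

if __name__ == "__main__":
    logins, commands, alerts = analyse(SAMPLE_LOG)
    for user, runs in commands.items():
        print(f"{user}: {len(runs)} privileged command(s); logins {logins.get(user)}")
    for a in alerts:
        print("ALERT:", a)
```

Note what the root login at 03:40 leaves behind: a source address and nothing else. Every command that session ran is attributed to "root", which is exactly the gap requirement 8 exists to close, and the reason the text insists on individual Active Directory logins followed by controlled elevation.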