PCI Compliance & Auditing

Simplify compliance reporting for stringent PCI DSS regulations by linking all access rights, privileges, and audit logs to a single, definitive Active Directory identity

The Challenge

The Payment Card Industry (PCI), a consortium of payment card vendors led by VISA, maintains the Data Security Standard (DSS), a rigorous set of standards for keeping consumer information secure from the point of sale through to all of the other systems where it might eventually be stored. Organizations face stiff monetary penalties for PCI DSS infractions, and those that remain out of compliance also risk the loss of their card-processing privileges.

PCI DSS touches a wide spectrum of organizations: merchants, payment processors, point-of-sale vendors, and financial institutions. However, because PCI DSS is a detailed, multi-point standard with unambiguous guidelines, other industries frequently look to it as a guide to best practices in securing business-critical systems.

The Centrify Solution

Here is a brief synopsis of how Centrify addresses the four sections of PCI DSS that are particularly relevant to corporate IT staff. For a detailed, point-by-point analysis, request our free PCI white paper.

Sect. 1. Install and maintain a firewall configuration to protect cardholder data

Section 1.2 in particular states that organizations must "Build a firewall configuration that restricts connections between untrusted networks and any system components in the cardholder data environment." Centrify's server isolation and protection solution provides organizations with a simpler, software-based approach that dynamically isolates servers subject to PCI audits so that they can communicate only with other trusted computers. Not only is this solution more secure and easier to deploy than traditional firewall-based approaches, it also enables organizations to reduce the scope — and thus the cost — of PCI audits by focusing the audit on just the affected systems and not every system in their environment.

Sect. 4. Encrypt transmission of cardholder data across open, public networks

Centrify's solution for encrypting data in motion is particularly cost-effective for retailers who must move customer credit card data from branch stores to a corporate data center. Instead of relying on expensive private lines, they can move data across the internet using the strong authentication and encryption features of IPsec.

Sect. 7. Restrict access to cardholder data by business need-to-know

At the heart of many publicly acknowledged PCI DSS infractions is the issue of managing superuser privileges on systems holding customer information such as credit card numbers. With the Centrify Suite, each administrator or other staff member can be granted role-based access and privileges according to a least privilege security model. For example, a backup operator can be granted the right to log in to a Linux or UNIX database server and perform a backup without being granted other privileges that would, for example, also give them access to customer data. A server or group of servers can have its own unique set of authorized users, administrators and security/configuration policies.

Sect. 8. Assign a unique ID to each person with computer access

Corporate IT security administrators can link access rights and privileges to a user's Active Directory account. Those users log in with their individual Active Directory account, not a root or other superuser account, and automatically get the appropriate access rights and privileges.

Sect. 10. Track & monitor all access to network resources & cardholder data

The Centrify Suite can comprehensively log all user activity on a system and, once again, link it back to a unique Active Directory account.

Learn More

White Paper: Using Microsoft Active Directory to Address Payment Card Industry (PCI) Data Security Standard Requirements in Heterogeneous Environments
White Paper: Implementing Detailed User-Level Auditing of UNIX and Linux Systems Using Centrify DirectAudit
White Paper: Centrify DirectControl & Regulatory Compliance
Webinar: The 60-Minute IT Compliance Formula (with Security Expert Rolf von Roessing)
Webinar: Solving the PCI Puzzle (with Security Expert Dr. Eugene Schultz)
On-Demand Webinar: Centrify Security Solutions for PCI Compliance
Video Chalktalk: Introducing Centrify DirectSecure Part 1: Server Isolation and Protection
Video Chalktalk: Introducing Centrify DirectSecure Part 2: Securing UNIX and Linux Systems with IPsec and Active Directory
Video Chalktalk: Introducing Centrify DirectSecure Part 3: Leveraging the Racoon Internet Key Exchange (IKE) Daemon
Blog Post: PCI Compliance for UNIX and Linux Servers
Blog Post: PCI-A-Go-Go

"Unified Identity Management - Research computing environments are often managed as independent silos, kept far apart from organizational and enterprise systems. Expect IT efficiency efforts and government reporting requirements to push for unified access control, single sign-on and identity management systems that span Windows, Mac and Unix systems. Companies with identity management systems built on Microsoft's Active Directory will want to take a serious look at software products from Centrify."

Bio-ITWorld.com
January 2007