Regulatory Compliance

Improve PCI Compliance for Systems with Payment Card Data

The Payment Card Industry (PCI) Council, a consortium of the major payment card brands, maintains PCI Data Security Standards (DSS), a rigorous set of standards for protecting cardholder data anywhere it is transmitted, processed or stored. The card brands and banks, which can impose stiff fines, penalties and public disclosure, enforce PCI DSS including the suspension of payment card processing privileges. Any business that accepts payment cards or processes card data must validate their compliance with a PCI DSS yearly assessment.

Privileged access security is among the most important aspects of Centrify addresses these ongoing challenges by providing a scalable, non-intrusive solution to specific requirements of PCI DSS. Centrify Server Suite ensures that PCI scoped systems (virtual or physical) are secured, properly accessed, consistently controlled and managed. Centrify Identity Service ensures that users are individually identifiable and accountable for access to shared apps.

Centrify Server Suite for PCI DSS

Key CapabilitiesPCI DSS Requirement
Privileged Access Security 2. Do not use vendor supplied defaults for system passwords and other security parameters.
Identity Consolidation 7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
Identity Consolidation

Audit and Compliance
10. Track and monitor all access to network resources and cardholder data.
Isolation and Encryption 1. Install and maintain a firewall configuration to protect cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Key Benefits

  • Drastically reduce the time and effort to satisfy key PCI DSS requirements.
  • Ensure individual accountability of privileged access, a key tenant of PCI DSS requirements.
  • Address PCI DSS reporting requirements with readily available reports of 'who has access to what' and 'what did they do with that access' including detailed privileged session auditing.