Industry Regulations

PCI DSS: Payment Card Industry Data Security Standard

Set of security standards designed to ensure that all businesses that accept, process, store, or transmit credit card information maintain a secure environment.

The card brands and banks, which can impose stiff fines, penalties and public disclosure, enforce PCI DSS including the suspension of payment card processing privileges. Any business that accepts payment cards or processes card data must validate their compliance with a PCI DSS yearly assessment.

Centrify Zero Trust Privilege solutions help commercial businesses address six of the major PCI DSS requirements:

• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Requirement 7: Restrict access to cardholder data by business need-to-know
• Requirement 8: Identify and authenticate access to system components
• Requirement 10: Track and monitor all access to network resources and cardholder data

SOX: Sarbanes-Oxley Act of 2002

Strict standards for financial reporting by U.S. public companies. SOX Section 404 mandates an annual assessment by an independent auditor of the effectiveness of a public company's control procedures. IT departments, who are usually tasked with managing these audits, need to ensure that systems holding financial data can be accessed only by those whose job function requires it, that privileges are limited just to those required by the job, and a record off all activity is kept.

Centrify helps IT organizations simplify their SOX auditing requirements with a cost-effective solution that leverages technology already in house: Microsoft Active Directory.

By leveraging an existing identity infrastructure, tools, processes and skill sets, Centrify Zero Trust Privilege solutions enable:

• Consolidated and centralized management of privileged user identities and servers;
• Privileged user authentication;
• Role-based access control;

A comprehensive set of IT security requirements not just for Financial Institutions (based in Singapore, but for any Financial Institution that is doing business in Singapore.

The MAS guidelines for Internet Banking and Technology Risk Management identify security and risk management issues in a comprehensive manner, covering everything from identity assurance and access controls to accountability and audit.

Centrify Zero Trust Privilege solutions help Financial Institutions directly address MAS TRM Guidelines in three critical areas:

• Section 11: Access Control
• Section 13: Payment Card Security
• Section 14: IT Audit

NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection Plan

Guidance that requires accountability throughout the authentication, access control, delegation, separation of duties, continuous monitoring and reporting of electronic access to critical infrastructure.

Centrify Zero Trust Privilege solutions help energy producers and distributors to

• Eliminate troublesome shared accounts and root passwords.
• Quickly establish role-based granular access to systems based on business need-to-know using a dynamic rights model to secure privileged access and command execution.
• Enforce delegated administration and separation of duties so only authorized users are granting secured access to critical systems and applications.
• Generate detailed reports for NERC CIP compliance showing who has access to what resources, commands and applications.
• Spot suspicious activity or improper procedures through continuous monitoring of privileged user access to critical cyber security assets.