Improve PCI Compliance for Systems with Payment Card Data
The Payment Card Industry (PCI) Council, a consortium of the major payment card brands, maintains the PCI Data Security Standards (DSS), a rigorous set of standards for protecting cardholder data anywhere it is transmitted, processed or stored. The card brands and banks enforce PCI DSS and can impose stiff fines, penalties and public disclosure, including the suspension of payment card processing privileges. Any business that accepts payment cards or processes card data must validate its compliance with a yearly PCI DSS assessment.
Privileged access security is among the most important aspects of addressing these ongoing challenges, providing a scalable, non-intrusive solution to specific requirements of PCI DSS.
Centrify Server Suite® (CSS) enables consolidation and centralized management of user identities and servers, user authentication, role-based access control, session recording and reporting services to meet compliance auditing requirements.
Centrify Privilege Service™ (CPS) provides shared account password management and secure remote access to resources. Together, they help you address many of the PCI DSS requirements concerning privileged account management and usage, and control over access to resources that are in scope of PCI DSS.
Centrify Server Suite for PCI DSS
|Key Capabilities|PCI DSS Requirement|
|---|---|
|Privileged Access Security|Do not use vendor supplied defaults for system passwords and other security parameters.|
|Identity Consolidation|Restrict access to cardholder data by business need-to-know. Assign a unique ID to each person with computer access.|
|Audit and Compliance|Track and monitor all access to network resources and cardholder data.|
|Isolation and Encryption|Install and maintain a firewall configuration to protect cardholder data. Encrypt transmission of cardholder data across open, public networks.|
|Multi-factor Authentication|Multi-factor authentication for any personnel, local or remote, who have administrative access into the cardholder data environment (CDE), even if they are within a trusted network.|
- Drastically reduce the time and effort to satisfy key PCI DSS requirements
- Address PCI DSS reporting requirements with scheduled, packaged and customizable attestation reports representing 'who has access to what' and 'what did they do with that access' including detailed privileged session auditing
- Ensure individual accountability of privileged access, a key tenet of PCI DSS requirements