Complying with PCI DSS

Don't store card holder data unless it is necessary for your business operations. And if you are storing data, ensure that you use necessary protection methods such as encryption, truncation, masking, and hashing of account data. Also make sure that all cryptographic keys and encryption tools are documented, recorded, and protected.

Meet this requirement with ManageEngine

Periodically scan for regulated data in your CDE, set up data retention policies, and prevent leaks via emails, removable media, and printers. Additionally, get visibility into SSH and SSL environments and take control of the keys to preempt breaches and compliance issues.

Prevent compromise of cardholder data during transmission over misconfigured wireless networks by encrypting the data before it is transmitted, encrypting the session over which the data is transmitted, or both. Use strong cryptography to get greater assurance in preserving cardholder data.

Meet this requirement with ManageEngine

Evaluate and assess the network which stores, processes, or transmits cardholder data against applicable PCI DSS requirements. And makes sure that the information in transit across public networks is completely protected by an end-to-end 256-bit AES encryption.

Use anti-malware solutions to protect your systems and networks from current and evolving malware threats. Make it a practice to keep your anti-virus software updated, conduct periodic scans for system vulnerabilities, and audit your logs so that you're able to keep a close watch for threats.

Meet this requirement with ManageEngine

Automate anti-virus software installation across network devices. You can also perform periodic evaluations to identify and evaluate evolving malware threats in systems, and take necessary actions against these threats.

Identify software and system vulnerabilities and apply appropriate security patches. Vulnerabilities related to custom software can be avoided by applying software lifecycle (SLC) processes and secure coding techniques.

Meet this requirement with ManageEngine

Scan, identify, and assign risk rankings to newly discovered security vulnerabilities, and automatically update critical patches with zero human intervention.

Apply access control rules and mechanisms to prevent unauthorized access to critical systems, applications, and data. Limit access and grant privileges based on the requirement and job responsibilities.

Meet this requirement with ManageEngine

Use role-based access control (RBAC) capabilities to define and assign access to chosen users with well-defined permission levels. You can also restrict privileges to the least necessary needed to perform job responsibilities.

Implement and manage strong identification and authentication measures to grant access to user rights and privileges. Establish and manage identities and verify them with the help of authentication factors, including multi-factor authentication (MFA), to strengthen the security of your CDE.

Meet this requirement with ManageEngine

Get reports on the status of user accounts, including that of inactive users, to ensure that users who have been terminated are removed from file access lists.

You can also define parameters to create passcode policies, configure passcode settings, enable two-factor authentication, maintain inventory logs for all identity-related activities, and more.

Set up security mechanisms to restrict physical access to cardholder data. This includes restricting entry into facilities and systems containing cardholder data.

Also, ensure that you physically protect all media containing the cardholder data and destroy it when your business no longer needs it.

Meet this requirement with ManageEngine

Maintain inventory logs related to media containing cardholder data that aid in conducting periodic media inventory audits, which enables you to destroy that media when it is no longer required.

Implement log monitoring and management practices to ensure that all logs related to system components and the CDE are collected and analyzed. Ensure you protect these audit logs from unauthorized modifications because these logs help detect and alert you of anomalies and suspicious activities, as well as support forensic analysis of events.

Meet this requirement with ManageEngine

Audit all user activity in your CDE in real time, and implement automated audit trials for all system components. You can backup audit trail files to a centralized log server, thereby preventing unauthorized modifications.

Track changes made by users with administrative privileges, and follow up exceptions and anomalies identified during the review process. Our solutions also help detect changes made to critical files and generate timely alerts when such changes are noted.

Perform penetration and vulnerability testing to identify, prioritize, and address internal and external security vulnerabilities. Carry out wireless analyzer scans to detect and identify all authorized and unauthorized wireless access points. And keep track of file modifications and network intrusions.

Meet this requirement with ManageEngine

Perform internal vulnerability scans to detect and resolve all high-risk vulnerabilities. You can also deploy a change-detection mechanism to receive alerts on a regular basis about unauthorized modification of critical system files, configuration files, or content files.

Maintain an information security policy which clearly defines the security roles and responsibilities of all personnel, including employees, contractors, and consultants. You should also make it a practice to perform security-related programs on a regular basis like risk assessment, user awareness training, employee background checks, and incident management.

Meet this requirement with ManageEngine

Develop usage policies for critical technologies, prohibit users from storing or copying cardholder data, monitor and analyze security alerts and information, and more. You can also conduct risk assessments,to identify critical assets, threats, and vulnerabilities.