Implement the PCI DSS Compliance Requirements with ManageEngine

How can you become PCI DSS compliant?

To be PCI DSS compliant, your organization needs to meet a bunch of operational and technical security requirements that applies to the CDE. A CDE is comprised of the people, processes, and systems that interact with or could impact the payment card information.

PCI DSS 4.0, the latest version of PCI DSS, consists of 12 requirements designed to protect payment account data.

ManageEngine's suite of IT management solutions can help you meet these 12 requirements spread across 6 objectives, and in turn ensure PCI DSS compliance.

Build and maintain a secure network and systems
Protect account data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy

Build and maintain a secure network and systems

Requirement 1: Install and maintain network security controls

Monitor and control network traffic to and from the cardholder environment with the help of network security controls (NSCs), such as firewalls and other network security technologies.

Meet this requirement with ManageEngine

Verify and limit inbound and outbound traffic, thereby reducing the risk of exposure to untrusted networks. You can set firewall configuration rules and policies, keep track of network configuration changes, install personal firewall software on any mobile devices, and more.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

Access Manager Plus

Endpoint Central

Vulnerability Manager Plus

ServiceDesk Plus

OpManager

Patch Manager Plus

Applications Manager

Mobile Device Manager Plus

Network Configuration Manager

NetFlow Analyzer

Site24x7

Digital Risk Analyzer

Requirement 2: Apply secure configurations to all system components

Ensure you reduce your attack surface by applying and maintaining secure configurations for all systems and components. Prevent the use of default passwords and settings to prevent attackers from using them to gain access to employee or customer records.

Meet this requirement with ManageEngine

Create and configure strong passwords to secure devices and prevent intruders from hacking your devices. You can also change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

ADAudit Plus

ADManager Plus

Access Manager Plus

Endpoint Central

Vulnerability Manager Plus

ServiceDesk Plus

OpManager

Patch Manager Plus

Password Manager Pro

Site24x7

Digital Risk Analyzer

Protect account data

Requirement 3: Protect stored account data

Don't store card holder data unless it is necessary for your business operations. And if you are storing data, ensure that you use necessary protection methods such as encryption, truncation, masking, and hashing of account data. Also make sure that all cryptographic keys and encryption tools are documented, recorded, and protected.

Meet this requirement with ManageEngine

Periodically scan for regulated data in your CDE, set up data retention policies, and prevent leaks via emails, removable media, and printers. Additionally, get visibility into SSH and SSL environments and take control of the keys to preempt breaches and compliance issues.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

ADAudit Plus

ADManager Plus

ServiceDesk Plus

Password Manager Pro

Key Manager Plus

DataSecurity Plus

Requirement 4: Protect cardholder data with strong cryptography
during transmission over open, public networks

Prevent compromise of cardholder data during transmission over misconfigured wireless networks by encrypting the data before it is transmitted, encrypting the session over which the data is transmitted, or both. Use strong cryptography to get greater assurance in preserving cardholder data.

Meet this requirement with ManageEngine

Evaluate and assess the network which stores, processes, or transmits cardholder data against applicable PCI DSS requirements. And makes sure that the information in transit across public networks is completely protected by an end-to-end 256-bit AES encryption.

Solutions that can help you meet this requirement

Log360

Firewall Analyzer

ADAudit Plus

ADManager Plus

Access Manager Plus

Endpoint Central

OpManager

Password Manager Pro

Key Manager Plus

Exchange Reporter Plus

Site24x7

Maintain a vulnerability management program

Requirement 5: Protect all systems and networks from malicious software

Use anti-malware solutions to protect your systems and networks from current and evolving malware threats. Make it a practice to keep your anti-virus software updated, conduct periodic scans for system vulnerabilities, and audit your logs so that you're able to keep a close watch for threats.

Meet this requirement with ManageEngine

Automate anti-virus software installation across network devices. You can also perform periodic evaluations to identify and evaluate evolving malware threats in systems, and take necessary actions against these threats.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

Access Manager Plus

Endpoint Central

Vulnerability Manager Plus

ServiceDesk Plus

OpManager

Patch Manager Plus

ADSelfService Plus

Endpoint DLP Plus

Site24x7

Digital Risk Analyzer

Requirement 6: Develop and maintain secure systems and software

Identify software and system vulnerabilities and apply appropriate security patches. Vulnerabilities related to custom software can be avoided by applying software lifecycle (SLC) processes and secure coding techniques.

Meet this requirement with ManageEngine

Scan, identify, and assign risk rankings to newly discovered security vulnerabilities, and automatically update critical patches with zero human intervention.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

ADAudit Plus

ADManager Plus

Endpoint Central

Vulnerability Manager Plus

ServiceDesk Plus

OpManager

Patch Manager Plus

Password Manager Pro

Key Manager Plus

Applications Manager

ADSelfService Plus

AssetExplorer

Site24x7

Digital Risk Analyzer

Implement strong access control measures

Requirement 7: Restrict access to system components and cardholder
data by business need to know

Apply access control rules and mechanisms to prevent unauthorized access to critical systems, applications, and data. Limit access and grant privileges based on the requirement and job responsibilities.

Meet this requirement with ManageEngine

Use role-based access control (RBAC) capabilities to define and assign access to chosen users with well-defined permission levels. You can also restrict privileges to the least necessary needed to perform job responsibilities.

Solutions that can help you meet this requirement

Firewall Analyzer

ADAudit Plus

ADManager Plus

Access Manager Plus

Password Manager Pro

Identity360

Requirement 8: Identify users and authenticate access to system components

Implement and manage strong identification and authentication measures to grant access to user rights and privileges. Establish and manage identities and verify them with the help of authentication factors, including multi-factor authentication (MFA), to strengthen the security of your CDE.

Meet this requirement with ManageEngine

Get reports on the status of user accounts, including that of inactive users, to ensure that users who have been terminated are removed from file access lists.

You can also define parameters to create passcode policies, configure passcode settings, enable two-factor authentication, maintain inventory logs for all identity-related activities, and more.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

ADAudit Plus

ADManager Plus

Access Manager Plus

Endpoint Central

ServiceDesk Plus

Password Manager Pro

Key Manager Plus

Applications Manager

ADSelfService Plus

Mobile Device Manager Plus

Exchange Reporter Plus

AD360

Identity360

Remote Access Plus

Requirement 9: Restrict physical access to cardholder data

Set up security mechanisms to restrict physical access to cardholder data. This includes restricting entry into facilities and systems containing cardholder data.

Also, ensure that you physically protect all media containing the cardholder data and destroy it when your business no longer needs it.

Meet this requirement with ManageEngine

Maintain inventory logs related to media containing cardholder data that aid in conducting periodic media inventory audits, which enables you to destroy that media when it is no longer required.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

ADAudit Plus

Access Manager Plus

Key Manager Plus

Mobile Device Manager Plus

DataSecurity Plus

Regularly monitor and test networks

Requirement 10: Log and monitor all access to system components
and cardholder data

Implement log monitoring and management practices to ensure that all logs related to system components and the CDE are collected and analyzed. Ensure you protect these audit logs from unauthorized modifications because these logs help detect and alert you of anomalies and suspicious activities, as well as support forensic analysis of events.

Meet this requirement with ManageEngine

Audit all user activity in your CDE in real time, and implement automated audit trials for all system components. You can backup audit trail files to a centralized log server, thereby preventing unauthorized modifications.

Track changes made by users with administrative privileges, and follow up exceptions and anomalies identified during the review process. Our solutions also help detect changes made to critical files and generate timely alerts when such changes are noted.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

ADAudit Plus

ADManager Plus

Access Manager Plus

Endpoint Central

Vulnerability Manager Plus

OpManager

Applications Manager

AD360

Analytics Plus

Site24x7

Requirement 11: Test security of systems and networks regularly

Perform penetration and vulnerability testing to identify, prioritize, and address internal and external security vulnerabilities. Carry out wireless analyzer scans to detect and identify all authorized and unauthorized wireless access points. And keep track of file modifications and network intrusions.

Meet this requirement with ManageEngine

Perform internal vulnerability scans to detect and resolve all high-risk vulnerabilities. You can also deploy a change-detection mechanism to receive alerts on a regular basis about unauthorized modification of critical system files, configuration files, or content files.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

Firewall Analyzer

Vulnerability Manager Plus

ServiceDesk Plus

OpManager

Patch Manager Plus

Applications Manager

DataSecurity Plus

Network Configuration Manager

Site24x7

Digital Risk Analyzer

Maintain an information security policy

Requirement 12: Support information security with organizational
policies and programs

Maintain an information security policy which clearly defines the security roles and responsibilities of all personnel, including employees, contractors, and consultants. You should also make it a practice to perform security-related programs on a regular basis like risk assessment, user awareness training, employee background checks, and incident management.

Meet this requirement with ManageEngine

Develop usage policies for critical technologies, prohibit users from storing or copying cardholder data, monitor and analyze security alerts and information, and more. You can also conduct risk assessments,to identify critical assets, threats, and vulnerabilities.

Solutions that can help you meet this requirement

Log360

EventLog Analyzer

ADAudit Plus

ADManager Plus

Vulnerability Manager Plus

Patch Manager Plus

Digital Risk Analyzer

Complying with PCI DSS

What is PCI DSS?

ManageEngine's guide for
PCI DSS v4.0 compliance

Why do you need to comply with PCI DSS?

Prevent data breaches

Reduce the risk of data loss

Preserve customer trust

Avoid fines and penalties

Conform easily to other frameworks

How can you become PCI DSS compliant?

PCI DSS compliance mapping

PCI DSS
requirements

ManageEngine solutions that can help you meet the requirement

Get guidance on PCI DSS compliance

Complying with PCI DSS

What is PCI DSS?

ManageEngine's guide for PCI DSS v4.0 compliance

Why do you need to comply with PCI DSS?

Prevent data breaches

Reduce the risk of data loss

Preserve customer trust

Avoid fines and penalties

Conform easily to other frameworks

How can you become PCI DSS compliant?

Build and maintain a secure network and systems

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Protect account data

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Maintain a vulnerability management program

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Implement strong access control measures

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Regularly monitor and test networks

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

Maintain an information security policy

Meet this requirement with ManageEngine

Solutions that can help you meet this requirement

PCI DSS compliance mapping

PCI DSS requirements

ManageEngine solutions that can help you meet the requirement

Get guidance on PCI DSS compliance

Inquiry

ManageEngine's guide for
PCI DSS v4.0 compliance

PCI DSS
requirements