Meeting PCI DSS Security Compliance Requirement Standards with Vormetric
Payment Card Industry Data Security Standards (PCI DSS) compliance mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.
The Vormetric Data Security Platform provides PCI DSS security compliance solutions that secure and control enterprise data at rest, addressing critical portions of the PCI DSS 3.0 compliance control set for PCI DSS compliance requirements 3, 7, 8 and 10 while also supporting additional components of the PCI DSS compliance requirements. PCI DSS security compliance solutions address encryption, access control, encryption key management and granular logging requirements across multiple use cases within the PCI DSS 3.0 compliance requirements — protecting unstructured files, structured databases as well as specific fields or columns within databases and files across traditional data centers, virtual environments, cloud implementations and big data environments.
By addressing multiple PCI DSS security compliance requirements from a single platform, this solution helps organizations meet PCI DSS 3.0 compliance requirements with an easy-to-deploy, centrally managed infrastructure and solution set.
Key features and benefits include:
- Broad OS Platform support: Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE)
- Encryption and Access Controls: Cardholder data can be encrypted both for files and databases as a whole and for specific fields or columns; file-level access is controlled and logged
- High Performance: Intel AES-NI and other hardware encryption capabilities built into CPUs are directly supported, resulting in minimal impact on SLAs and application latency
- Rapid deployment: Quick implementation and easy expansion across the CDE help meet audit deadlines
| PCI DSS 3.0 Requirement | Mandate | Vormetric |
|---|---|---|
| PCI DSS Compliance Requirement 3: Protect stored cardholder data (3.2, 3.4.1, 3.5.1, 3.5.2, 3.6) | Data should be rendered unreadable – anywhere that it is stored. | Files and Volumes: encrypts data, decrypts based on access policy. Field and Column: encrypts data within databases and files, decrypts as requested by the application. |
| PCI DSS Compliance Requirement 7: Restrict access to cardholder data according to business need to know | Only users and resources that must access cardholder data in order to complete their job should have access to systems containing cardholder data. | Vormetric adds access control on top of native operating system capabilities for both local system roles and directory services capabilities. It restricts privileged user role access, allowing them to perform their work, but decrypting data only for users and processes authorized by a centralized policy. |
| PCI DSS Compliance Requirement 8: Identify and authenticate access to system components | Protect authentication credentials with strong cryptography; restrict access to databases containing cardholder data to DB administrators and the application. | Vormetric integrates with existing directory services to authenticate user IDs, and uses access policies on encrypted data to limit direct access to database administrators and the database process. |
| PCI DSS Compliance Requirement 10: Track and monitor all access to network resources and cardholder data (10.1, 10.2, 10.3, 10.4.1, 10.5, 10.6) | Audit trails must be present for access to networks and cardholder data by system components, administrators and users. | With Vormetric, audit logs of all access (and access attempts) to encrypted file system and volume level data, by all users and processes, are collected and made available for analysis. |