To reduce their credit card liability in the face of frequent cyber attacks, the financial industry created the Payment Card Industry Data Security Standard (PCI DSS) for retailers. This requires, among other things, that you protect segments of your network from the outside with PCI DSS controls. You need to set up a segmented network, including a card holder data zone, and prove it for PCI DSS compliance.
RedSeal automates significant parts of that proof of PCI DSS compliance. We know that all your budgets, including your security budget, are carefully scrutinized. Our automation has helped customers be more efficient as they evaluate their network security for exposures, go through an audit, demonstrate PCI DSS compliance network requirements, and avoid credit card loss. They’ve been able to re-deploy scarce staff to other tasks.
Meet PCI DSS compliance with efficiency.
The Payment Card Industry Data Security Standard (PCI DSS) includes a number of controls that pertain to network architecture, configuration, and operations. Your retail network security starts with retail network mapping. RedSeal’s unique ability to map your network, calculate network access paths, and prioritize risk is well-suited to meeting many PCI DSS requirements, especially those related to firewalling, network segmentation, and penetration testing.
RedSeal also helps organizations meet the “Business as Usual” best practices in PCI DSS 3.2. The BAU guidelines were added to emphasize the need to implement network security controls as ongoing processes, rather than focusing on “just in time” compliance when the annual audit rolls around. RedSeal analyzes network infrastructure and network risk analysis on a nightly basis. This allows an organization to implement continuous monitoring of their segmentation and firewall configuration and effectiveness, with minimal operational overhead.
RedSeal supports PCI controls in the following DSS requirement sections:
- PCI DSS Compliance Requirement 1—Firewall Configuration
- Current network diagram; firewall and DMZ architecture validation.
- PCI DSS Compliance Requirement 2—Configuration Hardening
- Configuration best practices and default removal for network and firewall infrastructure.
- PCI DSS Compliance Requirement 6—Secure Systems
- Determine risk ranking for vulnerabilities based on severity, frequency and exposure.
- Validation of segmentation boundary; includes support for “Category 1/2/3” best practice segmentation strategy rapidly gaining traction with QSAs (Qualified Security Assessors).
- PCI DSS Compliance Requirement 11.3.4—Penetration testing and CDE Segmentation
- A great example of how PCI DSS significantly changes control activity implementation is the requirement for penetration testing of the CDE segmentation boundary (11.3.4).This requirement states that penetration testing must be done “…after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from in-scope systems.” In practice this could be interpreted to mean that pen testing needs to be done after any firewall rule or ACL change on any device that segments the CDE – a massive undertaking. However RedSeal can continually test the segmentation boundary and identify those portions of the boundary that actually changed, allowing pen testing to be focused on just those elements. This drastically reduces the cost and effort required to meet this stringent new requirement.
DOWNLOAD OUR PCI DSS COMPLIANCE DATA SHEET
DOWNLOAD OUR PCI CDE COMPLIANCE DATA SHEET