PCI DSS Compliance

pci

PCI DSS Compliance

Meet Latest PCI Standards

Protecting sensitive information is essential if your business is processing payment cards. It is essential that you need to put in place any range of security controls to achieve compliance with the latest PCI DSS. SQ1Shield helps many businesses to understand and implement technical and operational controls to fulfill the requirements of PCI DSS.

Be Secure. Be Compliant

Customized assessments for Payment Card Processing companies and Merchants to identify safeguard necessary to meet PCI DSS Compliance

Locate gaps that exist between your current security posture and the requirements

SQ1Shield helps you confront your PCI DSS compliance gaps so that risks can be prioritized and addressed

SQ1Shield built-in PCI DSS reports help you report easily on security controls

Customize the reports to meet your business requirements and be Compliant

SQ1Shield & PCI DSS – Fulfil Compliance requirement with SQ1Shield.

PCI DSS Requirement PCI DSS Sections SQ1Shield Coverage

1: Install and maintain a firewall configuration to protect cardholder data

1.1

Asset Discovery – Identifies all the devices in the network including firewalls, routers.

1.2

Events captured when changes to firewall configuration is made.

1.3

Alerts generated and captured when untrusted network access is established

1.4

Endpoint Detection & Response – Any configuration changes to personal firewall is alerted and responded

1.5

Policy Management helps you establish firewall policies, update it and circulate within your employees

2: Do not use vendor-supplied defaults for system passwords and other security parameters

2.1

Identify use of default system accounts on windows machine

2.2

Configuration assessment is performed on continuous basis to analyze any deviation

2.3

Monitor changes to Windows Registry or application configuration files that define encryption settings for Card data.

2.4

Asset Discovery – Identifies all the devices in the network including firewalls, routers.

2.5

Policy Management helps you establish policies, update it and circulate within your employees

3: Protect stored cardholder data

3.1

Review and test the Data Storage & backup and recommend remedial measures

3.2

Identify & validate card data stored within the network and encrypt

3.6

Monitor changes to Office 365, including DLP and more

File Integrity Monitoring

Log review & analysis

3.7

Policy Management helps you establish policies, update it and circulate within your employees

4: Encrypt transmission of cardholder data across open; public networks

4.1

Identify when network traffic goes to untrusted network

4.2

Monitor changes to Office 365, including DLP and more

4.3

Policy Management helps you establish policies, update it and circulate within your employees

5: Use and regularly update anti-virus software or programs

5.1

Identify systems with vulnerabilities, or not having antivirus installed and/or operational

5.2

Identify malware-based IoC, orchestrate manual and automated actions to isolate infected systems and block malicious domains.

5.3

Monitor events from antivirus solutions that could indicate a compromise or attempt to disable antivirus software.

5.4

Policy Management helps you establish policies, update it and circulate within your employees

6: Develop and maintain secure systems and applications

6.1

Identify systems susceptible to known vulnerabilities

6.2

Automate patches to the vulnerable systems

6.3

Perform application vulnerability testing during SDLC process

6.4

Policy Management – Any change management shall be recorded & monitored

6.5

Perform application testing for vulnerabilities in test environment

6.6

Perform vulnerability testing of web application for vulnerabilities

6.7

Policy Management helps you establish policies, update it and circulate within your employees

7: Restrict access to cardholder data by business need to know

7.1

Identify attempts to access systems using privileged accounts.

7.2

Identify escalation of privilege attempts

7.3

Policy Management helps you establish policies, update it and circulate within your employees

8: Assign a unique ID to each person with computer access

8.1

Policy Management helps you establish policies, update it and circulate within your employees

8.2

Aggregate logs and events from systems, applications, and devices from across your on-premises and cloud environments.

Identify attempts to use retired or default user credentials.

8.4

Policy Management helps you establish policies, update it and circulate within your employees

8.5

Monitor and alarm on Group Policy errors

8.7

User behavior monitoring ensures that malicious users do not have access to critical resources

8.8

Policy Management helps you establish policies, update it and circulate within your employees

9: Restrict physical access to cardholder data

9.1

Perimeter access control device assessment and monitoring

9.2

Procedures established and stored, update it and circulate within your employees

9.4

Guest access Procedures established and stored, update it and circulate within your employees

9.5

Test all storage and backup data for reliability

9.8

Media destruction procedures established and stored, update it and circulate within your employees

9.10

Policy Management helps you establish policies, update it and circulate within your employees

10: Track and monitor all access to network resources and cardholder data

10.1

Aggregate, analyze, and archive logs and events from systems, applications, and devices from across your on-premises and cloud environments

10.1

Identify logon success and failures. Identify privilege escalation attempts

10.3

Identify all events within the network with all data

10.4

Monitor and alarm which could indicate issues or attempts to disable clock synchronization

10.5

Test all storage and backup log data for reliability

10.6

Review logs and network traffic flow for malicious activity within the network

10.7

Test all storage and backup or trail data for reliability

10.9

Policy Management helps you establish policies, update it and circulate within your employees

11: Regularly test security systems and processes

11.1

Perform vulnerability management on wireless networks

11.2

Perform vulnerability assessment on all networks including AWS or Azure

11.3

Perform penetration testing on your network

11.4

Monitor access to and attempt to modify system and application binaries, configuration files, and log files.

Monitor user access to your Cloud environment

11.5

File Integrity Monitoring can detect modification attempts to applications or online storage containing card data.

11.6

Policy Management helps you establish policies, update it and circulate within your employees

12: Maintain a policy that addresses information security for all personnel

12.1

Policy Management helps you establish policies, update it and circulate within your employees

12.2

Perform risk management within your business network

12.3

Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more.

12.5

Monitor all administrative activities through popular authentication and authorization solutions like Azure Active Directory.

12.6

Security reminders - Automated updates of threat intelligence and security awareness shared through policy management portal

12.8

Policy Management helps you establish policies, update it and circulate within your employees

12.9

Vendor Risk Management – Perform third party risk assessment and monitor the risks in third party that have access ePHI.

Perform vulnerability assessment on Vendor Network and remediate.

12.10

Automated Incident Response to all security events within your network

Contact Us
Invalid email address
Please Wait....

READY TO TALK TO OUR EXPERT?

Contact Us