PCI-DSS Compliance with ESP
COMPLY WITH Payment Card Industry (PCI) Data Security Standards (DSS)
Protecting Cardholder Data (CHD)
Facing the well-publicized rise of identity theft and criminal cyber attacks, consumers have demanded assurances that their personal data will remain safe whenever they use their bank payment or credit cards. Since 2004, the industry has mandated a set of security guidelines known as the Payment Card Industry Data Security Standards, or PCI-DSS. It includes guidelines for computer networks that store or process cardholders' personal data. However, until now enterprise security officers have not had access to a single product with the broad set of capabilities required to address the many categories of network security covered by PCI. They have also lacked the levels of visibility and automation needed to ensure that all the varied systems containing cardholder data are in continuous compliance.
What is your PCI security compliance score?
Elemental understands the challenges associated with security compliance and has developed a unique framework along with innovative technologies to reduce the overall time, cost and effort involved in demonstrating and maintaining compliance with PCI DSS security controls. Elemental Security Platform (ESP) is an enterprise security software solution that provides organizations with an adaptive compliance automation framework that addresses most of the PCI DSS security mandates out of the box.
How does it work?
Elemental Cyber Security has created an automated policy framework within the Elemental Security Platform (ESP) that enables enterprises to comply with PCI guidelines for network segmentation, host security configuration management, and access control, while also providing the visibility necessary to continuously monitor the systems on which cardholder information resides. Within minutes of ESP software installation on target machines, the ESP system will accurately calculate your compliance score for the PCI DSS policy and generate a pass/fail list of specific technical security controls. With that information in hand, your team in charge of security compliance will know exactly where your weak points are and how to address them. Through historical compliance monitoring and reporting, they can also demonstrate continuous security posture improvements to management and auditors, thus reducing cost and time-to-compliance.
ESP provides policies that directly address the following security controls mandated by PCI DSS:
- BUILD and MAINTAIN a SECURE NETWORK
- MAINTAIN a VULNERABILITY MANAGEMENT PROGRAM
- IMPLEMENT STRONG ACCESS CONTROL MEASURES
- REGULARLY MONITOR and TEST NETWORKS
- MAINTAIN an INFORMATION SECURITY POLICY
Report and demonstrate compliance
The PCI standard also requires systems to report on the activities of administrator access, including whether permissions on audit files are set appropriately and whether all successful and failed attempts to access systems are logged and maintained. ESP contains more than 70 individual rules (controls) that enable organizations to apply a consistent configuration of logging systems across platforms.
Utilizing the Elemental PCI policy framework and its advanced capabilities, organizations can address PCI requirements by augmenting traditional network security systems with endpoint-level security that protects data where it resides.
How is Elemental different?
Elemental's unique Cyber Security Platform enables continuous compliance by actually implementing and enforcing the technical security controls mandated by PCI DSS. The solution offers faster time-to-compliance, audit-ready reports, improved network security, ready-to-deploy security policies and risk assessment, all from one unified, easy-to-use web-based user interface!