PCI DSS

PCI DSS IT Compliance Automation

The PCI Data Security Standard (PCI DSS) mandates that all systems involved in credit card transaction processing have controls in place to validate that applications and configurations are securely deployed. PCI DSS also requires organizations to detect and report unauthorized changes to critical system files and configurations. SignaCert Integrity proves PCI compliance by assessing deployed systems against approved references.

SignaCert solutions prove PCI compliance by assessing deployed systems against approved PCI references, detecting and reporting any deviations. By generating an audit trail that proves only approved and documented changes are being deployed to managed systems, SignaCert solutions dramatically reduce the cost of audits.

Proving PCI compliance

  • Verifying that systems are compliant with PCI standards
  • Detecting and alerting when unauthorized changes are made to monitored systems
  • Generating reports that demonstrate historical PCI compliance

PCI controls covered by Integrity

02.2.2 Disable all unnecessary and insecure services and protocols
02.2.3.c Configure system security parameters to prevent misuse
07.2.3 Confirm that the access control system has a default “deny-all” setting
08.4.a Verify that passwords are unreadable during transmission and storage
08.4.b Examine password files to verify that customer passwords are encrypted
08.5.08.a Generic user IDs and accounts are disabled or removed
08.5.09 Change user passwords at least every 90 days
08.5.10 Require a minimum password length of at least seven characters
08.5.11 Use passwords containing both numeric and alphabetic characters
08.5.12 Do not allow a new password that is the same as any of the last four passwords
08.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts
08.5.14 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID
08.5.15 Session idle timeout
10.2.4 Verify that invalid logical access attempts are logged
10.2.5 Verify that use of identification and authentication mechanisms is logged
10.2.6 Verify that initialization of audit logs is logged
10.4.a Verify that NTP is being used to synchronize clocks
10.5.5 Use file integrity monitoring and change detection software
11.5.a Deploy file-integrity monitoring tools
12.3.8 Verify that usage policies require automatic disconnect of remote-access sessions after inactivity
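As an added illustration of the reference-based assessment described above and of controls 10.5.5 and 11.5.a (example code written for this page, not SignaCert's own): a minimal integrity check that hashes deployed files, compares them with an approved reference, reports modified, missing and unexpected files, and records approved changes so the audit trail shows a change was documented before it reached a managed system. The paths, file contents and change ticket number are constructed sample data.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample data, not from any real deployment: the files, with the
# exact contents, that change control approved for a cardholder-data host.
APPROVED_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/security/pwquality.conf": b"minlen = 7\nminclass = 2\n",
    "/opt/payment/bin/gateway": b"\x7fELF approved build 1.4.2",
}

# Constructed snapshot of what is actually deployed: one approved file edited,
# one removed, one unexpected binary added.
OBSERVED_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/opt/payment/bin/gateway": b"\x7fELF approved build 1.4.2",
    "/opt/payment/bin/debug_shell": b"\x7fELF unknown origin",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_reference(files: dict) -> dict:
    """Approved reference: path -> SHA-256 of the approved content."""
    return {path: sha256_hex(content) for path, content in files.items()}

def assess(reference: dict, observed: dict) -> dict:
    """Compare the deployed files (path -> bytes) with the approved reference.
    Every deviation is an unapproved change to report (PCI DSS 10.5.5, 11.5)."""
    seen = {path: sha256_hex(content) for path, content in observed.items()}
    report = {
        "assessed_at": datetime.now(timezone.utc).isoformat(),
        "modified": sorted(p for p in reference if p in seen and seen[p] != reference[p]),
        "missing": sorted(p for p in reference if p not in seen),
        "unexpected": sorted(p for p in seen if p not in reference),
    }
    report["compliant"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report

def approve_change(reference: dict, audit_log: list, path: str, content: bytes, ticket: str) -> dict:
    """Admit a documented change into the reference and record it, so the audit
    trail shows the new hash was approved before it appeared on a system."""
    new_hash = sha256_hex(content)
    audit_log.append({"path": path, "old": reference.get(path), "new": new_hash, "ticket": ticket})
    return {**reference, path: new_hash}

if __name__ == "__main__":
    reference = build_reference(APPROVED_FILES)
    print(json.dumps(assess(reference, OBSERVED_FILES), indent=2))
```

In a real deployment the observed map would be filled by reading the monitored paths on the host, and each report would be stored to build the historical compliance record the page describes.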