PCI Regulatory Compliance
Get help with your PCI compliance audits.
Payment Card Industry (PCI) security standards are minimum requirements for protecting your customers' payment card information.
PCI compliance is required for all merchants that store, transmit, or process payment card information.
Visual Click's products can help keep your organization in compliance with these PCI regulations.
PCI 7. “Restrict access to cardholder data by business need-to-know”
7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.
CPTRAX
Audit Logs and Reporting for:
- Changes to File System Permissions
- Access to Files and Folders
- Files and Folders Created/Deleted/Changed
- Changes to Active Directory
- Changes to Group Policy Objects
DSRAZOR
Manage:
- Revoke Active Directory Object permissions
- Remove Active Directory Trustees
- File System Permissions
- Users - Delete/disable/change
- Groups - Delete/change
7.2 Establish a mechanism for systems with multiple users that restricts access based on a user´s need to know and is set to “deny all” unless specifically allowed.
CPTRAX
Audit Logs and Reporting for:
- Changes to File System Permissions
- Access to Files and Folders
- Files and Folders Created/Deleted/Changed
- Changes to Active Directory
- Changes to Group Policy Objects
DSRAZOR
Manage:
- Revoke Active Directory Object permissions
- Remove Active Directory Trustees
- File System Permissions
- Users - Delete/disable/change
- Groups - Delete/change
PCI 8. “Assign a unique ID to each person with computer access”
8.1 Assign all users a unique ID before allowing them to access system components or cardholder data.
CPTRAX
Track:
- Logons per Workstation Name
- Logons per IP Address
- Failed Logon Attempts due to Invalid Account Name
- Failed Logon Attempts due to Bad Password
8.5.1 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.
CPTRAX
Audit:
- Active Directory User Account Creations
- Active Directory User Account Deletions
- Active Directory Password resets
- All Active Directory user account attribute changes
DSRAZOR
Create/Delete/Modify:
- Limit ability to create/delete/modify user accounts
- Manage Active Directory Groups
8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use.
CPTRAX
Audit:
- Active Directory User Account Creations
- Active Directory User Account Initial Attributes (including "must change at next logon")
DSRAZOR
Create/Manage:
- Accounts with proper password settings
- Set first time password, user must change after logon
8.5.4 Immediately revoke access for any terminated users.
8.5.5 Remove or disable inactive user accounts at least every 90 days.
8.5.6 Enable accounts used by vendors for remote maintenance only during the time period needed.
CPTRAX
Audit:
- Auditing of account creation, enabling, disabling, and deletion, with timestamps to analyze their lifetime
8.5.8 Do not use group, shared, or generic accounts and passwords.
CPTRAX
Audit:
- Full auditing of account use (find all actions done under a shared account and help eliminate its usage).
8.5.9 Change user passwords at least every 90 days.
8.5.10 – 8.5.12 Password complexity requirements (Require a minimum password length of at least seven characters, Use passwords containing both numeric and alphabetic characters).
8.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts.
CPTRAX
Audit:
- Complements the built-in AD mechanism of limiting to six attempts with failed login auditing.
- Auditing of account unlock and password reset operations to monitor unauthorized access.
PCI 10. “Track and monitor all access to network resources and cardholder data”
10.1 Establish a process for linking all access to system components (especially those done with administrative privileges such as root) to each individual user.
CPTRAX
Track and Monitor:
- Full features auditing and reporting of all administrative activity within Active Directory, Group Policy and file servers. Detection of who changed what, when, and where.
10.2 Implement automated audit trails to reconstruct the required events.
CPTRAX
Track and Monitor:
- Complete audit trail processing capabilities for servers, both user-initiated and administrative activity.
10.3 Record at least the following audit trail entries for all system components for each event: User identification, Type of event, Date and time, Success or failure indication, Origination of event, Identity or name of affected data, system component, or resource.
CPTRAX
Track and Monitor:
- Full information of every change: who changed what, when, where, in Active Directory, File Server and virtual machines.
10.5 Secure audit trails so they cannot be altered.
CPTRAX
Secure Audit Trails:
- Securable encrypted file-based storage with optional SQL Server storage. Centralized collection, archiving, and consolidation of event logs to secure file-based storage.
10.6 Review logs for all system components at least daily.
CPTRAX
Review Logs:
- Full-featured reporting functionality with predefined reports and ability to create custom reports on any type of collected data. Out-of-the box reports scheduled daily and sent via e-mail for review.
10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
CPTRAX
Retain Audit Logs:
- Unlimited storage capabilities with efficient storage use to store the required time period of past audit trails and history of changes to system components and security settings. Full-featured reporting for immediate access to all required data.
Get a free trial of our tools today!
Our products include 1 YEAR of our world class support!
Unlimited Training
We'll make sure you can take advantage of everything our products have to offer.
Unlimited Support
Our rapid-response support team can assist with any questions you may have.
Custom Applet Design
Need more? Just ask! We'll create a custom solution that fits your needs.
