PCI
Update: Webinar on changes in PCI DSS 2.0 on 10/14: Sign up now!
The Payment Credit Card Industry Data Security Standard (PCI DSS) requires PCI members, merchants, and service providers that store, process, or transmit cardholder data to apply security requirements to all “system components” - defined as any network component, server, or application included in, or connected to, the cardholder data environment. PCI DSS Requirement 1 requires you to install and maintain a firewall configuration and to periodically review firewall policies. Requirement 3 requires encryption of cardholder data or to install monitoring as a compensating control. PCI DSS Requirement 10 mandates to “track and monitor all access to network resources and cardholder data,” including a requirement to retain log data for one year, with a minimum of 3 months available online, and to review log data “daily”.
The benefits of LogLogic’s solutions for PCI compliance:
- The LogLogic Open Log Management platform in conjunction with the LogLogic Compliance Suite: PCI Edition and LogLogic Compliance Manager add-on products provide the foundation for log collection, archival, and review (Requirement 10).
- LogLogic Security Event Manager speeds up the process of daily log review by prioritizing incidents.
- LogLogic Database Security Manager provides monitoring as a compensating control for database encryption (Requirement 3).
Requirements satisfied by PCI Edition of the LogLogic Compliance Suite can help you satisfy:
| Category | PCI Data Security Standard | Control Header |
|---|---|---|
| Security | Requirement 1 | Install and maintain a firewall configuration to protect data |
| Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters | |
| Requirement 11 | Regularly test security systems and processes | |
| Change Management | Requirement 6 | Develop and maintain secure systems and applications |
| Identity and Access | Requirement 7 | Restrict access to data by business need-to-know |
| Requirement 8 | Assign a unique ID to each person with computer access | |
| Monitoring and Reporting | Requirement 10 | Track and monitor all access to network resources and cardholder data |
While LogLogic can provide you with the tools to enable you to achieve compliance, LogLogic cannot determine if you have met your compliance objectives. For any such determinations, you are advised to consult with a qualified advisor.
