{"id":25197,"date":"2020-06-27T07:54:20","date_gmt":"2020-06-27T07:54:20","guid":{"rendered":"http:\/\/35.232.100.111\/?page_id=25197"},"modified":"2022-12-28T09:37:25","modified_gmt":"2022-12-28T09:37:25","slug":"pci-dss-compliance","status":"publish","type":"page","link":"https:\/\/sectona.com\/pci-dss-compliance\/","title":{"rendered":"PCI DSS Compliance Pertaining to Privileged Access"},"content":{"rendered":"\t\t

<h1>Find Out PCI DSS Requirements Specific to Privileged Access<\/h1>

Explore how the Sectona platform can help you address PCI DSS requirements.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The standard specifically mandates protecting the cardholder data environment by taking preventive measures to secure privileged account access and passwords.

Sectona helps you achieve compliance with this standard by ensuring that administrative access to your cardholder data environment is controlled, secured, and monitored. It further adds value by providing rich analytics to improve visibility around user access to your cardholder data environment. Enterprises must comply with the PCI DSS v3.2.1 clauses on privileged access highlighted below:


<h2>Requirement 2<\/h2>

Do not use vendor-supplied defaults for system passwords and other security parameters

2.1, 2.3, 2.6

<h2>Requirement 7<\/h2>

Restrict access to cardholder data by business need to know


7.1, 7.2, 7.3

<h2>Requirement 8<\/h2>

Identify and authenticate access to system components


8.1, 8.2, 8.3, 8.5, 8.8

<h2>Requirement 10<\/h2>

Track and monitor all access to network resources and cardholder data

10.1, 10.2, 10.3, 10.5, 10.7, 10.9

<h2>Explore How Sectona Helps You Achieve Compliance with PCI DSS<\/h2>
The Sectona privileged access management solution addresses the PCI DSS requirements in clauses related to privileged or administrative account access. It also provides pre-defined and customizable reports out of the box that can help you provide evidence of compliance with PCI requirements.
Addressing Requirement 2: <strong>Automate Password Management<\/strong>

Manage and inventory privileged accounts across your infrastructure. Leverage strong password change capabilities, from discovery and onboarding to rotation, for all vendor-supplied default accounts.
Addressing Requirement 7: <strong>Defining Need-Based Access<\/strong>

Configure access policy definitions based on user roles & functions. Define access to critical data and enforce restrictions on a need-to-know, need-to-access basis with strong workflow-based access.
Addressing Requirement 8: <strong>Authorized Access Provision with Built-in Multi-Factor Authentication<\/strong>

Leverage deep integration with Active Directory for faster provisioning and de-provisioning of access. Control third-party vendor access by defining hybrid access mechanisms. Configure customizable MFA options to enforce a second level of authentication for users.
Addressing Requirement 10: <strong>Risk-Based Session Monitoring<\/strong>

Capture comprehensive logs of all critical sessions in both command and video format. Logs are stored in an encrypted format and provide auditable insights accessible only to authorized personnel.