Access Control for PCI DSS Compliance


Xceedium provides access control for systems with cardholder data, helping organizations meet many of the PCI DSS requirements. Only Xceedium can deliver:

  • Logical network segmentation, essential in limiting the scope of PCI assessments and in controlling access to sensitive systems
  • Leapfrog prevention technology that contains users to only their authorized systems, applications and resources
  • A single, appliance-based solution with comprehensive features, minimizing setup and operational costs
  • The industry's most highly certified solution, with FIPS 140-2 Level 2, Common Criteria EAL4+ and JITC PKI/CAC certifications

PCI DSS Compliance Checklist

Xceedium's access control solution helps organizations meet the following PCI DSS compliance requirements:

PCI DSS Compliance Requirement | How Xsuite helps

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Eliminates the use of default passwords. Extends strong controls over the creation, administration, and use of passwords for sensitive administrative and management systems. Protects passwords in applications and systems used to support and process cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Can encrypt session traffic, protecting passwords and administrative operations. Can be leveraged to aid in the protection of legacy POS systems and other applications.

Requirement 7: Restrict access to cardholder data by business need-to-know

Enforces granular access controls by role, group and/or individual. Allows for the creation and enforcement of comprehensive password controls, precisely limiting access to cardholder data to authorized users and applications.

Requirement 8: Assign a unique ID to each person with computer access

Tracks and controls each privileged user by unique ID and source IP address. Eliminates shared administrative and application passwords, ensuring that each entity accessing data is precisely identified, authorized and monitored as desired.

Requirement 10: Track and monitor all access to network resources and cardholder data

Provides full event tracking and auditing, plus full-session recording for graphical and command-line sessions with DVR-like playback of activity. Maintains detailed session and activity logs, supporting policy enforcement, activity monitoring and forensic investigation.

Requirement 12: Maintain a policy that addresses information security for all personnel

Enables the creation and enforcement of comprehensive access control policies for administrative systems, as well as the protection of passwords for all types of applications and scripts. Policies can be based on existing groups and definitions, and can provide for a range of controls, from broad-based provisions to very specific controls. Granular controls over command usage and access rights aid in defining and maintaining “least-privilege” access rights.
