PCI DSS Compliance
Meet Latest PCI Standards
Protecting sensitive information is essential if your business is processing payment cards. It is essential that you need to put in place any range of security controls to achieve compliance with the latest PCI DSS. SQ1Shield helps many businesses to understand and implement technical and operational controls to fulfill the requirements of PCI DSS.
Be Secure. Be Compliant
Customized assessments for Payment Card Processing companies and Merchants to identify safeguard necessary to meet PCI DSS Compliance
Locate gaps that exist between your current security posture and the requirements
SQ1Shield helps you confront your PCI DSS compliance gaps so that risks can be prioritized and addressed
SQ1Shield built-in PCI DSS reports help you report easily on security controls
Customize the reports to meet your business requirements and be Compliant
SQ1Shield & PCI DSS – Fulfil Compliance requirement with SQ1Shield.
| PCI DSS Requirement | PCI DSS Sections | SQ1Shield Coverage |
|---|---|---|
|
1: Install and maintain a firewall configuration to protect cardholder data |
1.1 |
Asset Discovery – Identifies all the devices in the network including firewalls, routers. |
|
1.2 |
Events captured when changes to firewall configuration is made. |
|
|
1.3 |
Alerts generated and captured when untrusted network access is established |
|
|
1.4 |
Endpoint Detection & Response – Any configuration changes to personal firewall is alerted and responded |
|
|
1.5 |
Policy Management helps you establish firewall policies, update it and circulate within your employees |
|
|
2: Do not use vendor-supplied defaults for system passwords and other security parameters |
2.1 |
Identify use of default system accounts on windows machine |
|
2.2 |
Configuration assessment is performed on continuous basis to analyze any deviation |
|
|
2.3 |
Monitor changes to Windows Registry or application configuration files that define encryption settings for Card data. |
|
|
2.4 |
Asset Discovery – Identifies all the devices in the network including firewalls, routers. |
|
|
2.5 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
3: Protect stored cardholder data |
3.1 |
Review and test the Data Storage & backup and recommend remedial measures |
|
3.2 |
Identify & validate card data stored within the network and encrypt |
|
|
3.6 |
Monitor changes to Office 365, including DLP and more File Integrity Monitoring Log review & analysis |
|
|
3.7 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
4: Encrypt transmission of cardholder data across open; public networks |
4.1 |
Identify when network traffic goes to untrusted network |
|
4.2 |
Monitor changes to Office 365, including DLP and more |
|
|
4.3 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
5: Use and regularly update anti-virus software or programs |
5.1 |
Identify systems with vulnerabilities, or not having antivirus installed and/or operational |
|
5.2 |
Identify malware-based IoC, orchestrate manual and automated actions to isolate infected systems and block malicious domains. |
|
|
5.3 |
Monitor events from antivirus solutions that could indicate a compromise or attempt to disable antivirus software. |
|
|
5.4 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
6: Develop and maintain secure systems and applications |
6.1 |
Identify systems susceptible to known vulnerabilities |
|
6.2 |
Automate patches to the vulnerable systems |
|
|
6.3 |
Perform application vulnerability testing during SDLC process |
|
|
6.4 |
Policy Management – Any change management shall be recorded & monitored |
|
|
6.5 |
Perform application testing for vulnerabilities in test environment |
|
|
6.6 |
Perform vulnerability testing of web application for vulnerabilities |
|
|
6.7 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
7: Restrict access to cardholder data by business need to know |
7.1 |
Identify attempts to access systems using privileged accounts. |
|
7.2 |
Identify escalation of privilege attempts |
|
|
7.3 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
8: Assign a unique ID to each person with computer access |
8.1 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
8.2 |
Aggregate logs and events from systems, applications, and devices from across your on-premises and cloud environments. Identify attempts to use retired or default user credentials. |
|
|
8.4 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
8.5 |
Monitor and alarm on Group Policy errors |
|
|
8.7 |
User behavior monitoring ensures that malicious users do not have access to critical resources |
|
|
8.8 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
9: Restrict physical access to cardholder data |
9.1 |
Perimeter access control device assessment and monitoring |
|
9.2 |
Procedures established and stored, update it and circulate within your employees |
|
|
9.4 |
Guest access Procedures established and stored, update it and circulate within your employees |
|
|
9.5 |
Test all storage and backup data for reliability |
|
|
9.8 |
Media destruction procedures established and stored, update it and circulate within your employees |
|
|
9.10 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
10: Track and monitor all access to network resources and cardholder data |
10.1 |
Aggregate, analyze, and archive logs and events from systems, applications, and devices from across your on-premises and cloud environments |
|
10.1 |
Identify logon success and failures. Identify privilege escalation attempts |
|
|
10.3 |
Identify all events within the network with all data |
|
|
10.4 |
Monitor and alarm which could indicate issues or attempts to disable clock synchronization |
|
|
10.5 |
Test all storage and backup log data for reliability |
|
|
10.6 |
Review logs and network traffic flow for malicious activity within the network |
|
|
10.7 |
Test all storage and backup or trail data for reliability |
|
|
10.9 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
|
11: Regularly test security systems and processes |
11.1 |
Perform vulnerability management on wireless networks |
|
11.2 |
Perform vulnerability assessment on all networks including AWS or Azure |
|
|
11.3 |
Perform penetration testing on your network |
|
|
11.4 |
Monitor access to and attempt to modify system and application binaries, configuration files, and log files. Monitor user access to your Cloud environment |
|
|
11.5 |
File Integrity Monitoring can detect modification attempts to applications or online storage containing card data. | |
|
11.6 |
Policy Management helps you establish policies, update it and circulate within your employees | |
|
12: Maintain a policy that addresses information security for all personnel |
12.1 |
Policy Management helps you establish policies, update it and circulate within your employees |
|
12.2 |
Perform risk management within your business network | |
|
12.3 |
Monitor for changes to Office 365 policies, including Data Leakage Protection (DLP), information management, and more. | |
|
12.5 |
Monitor all administrative activities through popular authentication and authorization solutions like Azure Active Directory. | |
|
12.6 |
Security reminders - Automated updates of threat intelligence and security awareness shared through policy management portal | |
|
12.8 |
Policy Management helps you establish policies, update it and circulate within your employees | |
|
12.9 |
Vendor Risk Management – Perform third party risk assessment and monitor the risks in third party that have access ePHI.
Perform vulnerability assessment on Vendor Network and remediate. | |
|
12.10 |
Automated Incident Response to all security events within your network |