Safend for PCI Compliance
Maintaining Data Security and Regulatory Compliance
Founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, the PCI (Payment Card Industry) Security Standards Council works to enhance the security of payment account data. The PCI's Data Security Standard (DSS) dictates detailed security and auditing requirements for council members.
Specifically, the DSS is broken down into 12 requirements, each of which is key to maintaining user data security. Designed from the ground up to help large organizations meet the challenges of standards like PCI DSS, Safend Auditor and Protector provide direct and effective solutions for the majority of these requirements.
Meeting the Challenges of PCI DSS
- PCI DSS Requirement: Do not use vendor-supplied defaults for system passwords and security parameters
Safend, at the time of installation, does not have default administrative access commands. Safend can also immediately detect and safeguard pre-existing default technology ports that otherwise remain accessible on network endpoints, including wireless communications.
- PCI DSS Requirement: Protect stored data
Safend discovers and aggregates detailed information about data residing on the endpoint, tracking files if copied to external storage solutions and proactively blocking such data movement, depending on company security policy. When allowing data transfer to external devices, Safend enforces encryption – ensuring that sensitive data is protected, even when it leaves the corporate firewall.
- PCI DSS Requirement: Encrypt transmission of cardholder and sensitive information across public networks
Safend's on-demand enforceable 256-bit encryption capability helps ensure the integrity of sensitive customer data on mobile devices and external mass storage. Additionally, Safend provides controls for WiFi connectivity, enabling enterprise security teams to monitor and approve internal and external WiFi connections for each and every corporate endpoint user.
- PCI DSS Requirement: Develop and maintain secure systems and applications
Recognizing the imperative of tracking and securing endpoint device usage, Safend enables immediate security for any type of endpoint-connectable device – from memory sticks to smartphones, and everything in between. Safend Auditor delivers immediate information about all historic and current device connections, and Safend Protector automatically protects against non-approved, high-risk devices deliberately or inadvertently connected to the network.
- PCI DSS Requirement: Restrict access to data by business need-to-know
Safend security policies are easily aligned to role-based users and then deployed based on the rights and privileges of network endpoint users. Safend also provides role-based access control for administration, messaging and log collection. Further, users cannot tamper with or uninstall Safend Protector – attempts to do so generate an administrator alert while still protecting the privacy of customer data.
- PCI DSS Requirement: Assign a unique ID to each person with computer access
Safend administration is aligned with directory services solutions, like Active Directory. Thus, each user, at login, will have their own unique policy enforcement in place at the time of connection. This policy will remain in force, even when a device disconnects from the network.
- PCI DSS Requirement: Track and monitor all access to network resources and cardholder data
Safend Protector monitors and logs all endpoint data transfers in the enterprise, creating an audit trail of all user actions, such as copying data to an external storage device, along with the date and time and file properties information. Safend also tracks offline use of removable storage to guarantee 100% monitoring.
- PCI DSS Requirement: Regularly test security systems and processes
Safend Auditor enables security administrators to check for current or historic device connections on network endpoints. A report can be created either on-demand or at predefined intervals.
- PCI DSS Requirement: Maintain a policy that addresses information security for employees and contractors
With Safend’s direct server-to-endpoint policy distribution feature, highly granular policy management is strengthened and maintained, enabling administrators to set general policies (OUs or Groups), as well as policies that pinpoint a specific employee, contractor or even computer. Moreover, to facilitate easy policy management, Safend enables policies to be associated with Active Directory or Novell objects from within the Safend Management Console.
