PCI (Payment Card Industry) compliance standards protect personal information and ensure security when transactions are processed using a payment card. Thanks to ClearPoint Metrics' new PCI compliance management solution, organizations can manage PCI compliance risk more effectively and reduce the cost of auditing and reporting.
The new metrics-based PCI assessment application will be delivered as Software-as-a-Service (SaaS) on the Amazon cloud.
Automating the PCI Compliance Process
The new solution was announced at the RSA Conference a few weeks ago. It features controls designed to automate assessment, attestation and reporting for all 12 PCI requirements, and these controls operate independently of any particular security product.
The 12 requirements, as outlined by the PCI Data Security Standard (DSS), which was developed to help organizations proactively protect customer account data, are as follows:
- Build and Maintain a Secure Network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Requirement 5: Use and regularly update antivirus software
  - Requirement 6: Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know
  - Requirement 8: Assign a unique ID to each person with computer access
  - Requirement 9: Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data
  - Requirement 11: Regularly test security systems and processes
- Maintain an Information Security Policy
  - Requirement 12: Maintain a policy that addresses information security
Gathering Data, Managing Assets
Components of the ClearPoint PCI Compliance Management solution include:
- Requirement Manager, Control Mapping and Evidence Manager: allow organizations to document their controls and manage the evidence required for attestations and reporting.
- Evidence Manager: gathers and monitors all forms of policy documents, including links to log files and shared documents, surveys and textual commentary, as well as fact-based metrics.
- Data Gathering: hard facts and data are collected through direct access to all qualified vulnerability scanners as well as the full complement of security applications, including firewalls, intrusion detection, antivirus, log management, event managers, encryption managers and data security products.
- Asset Manager and Profiling: takes feeds from internal asset systems and enables organizations to classify, sort and group assets by compliance scopes and risk profiles.
The solution also provides a complete library of scorecards, companion metrics, data connectors and control monitoring alerts. Together, these tools allow organizations to monitor continuously and keep team members abreast of alerts about performance, goals and deployment.
For 30 days, the PCI Compliance Management solution is free of charge at PCI.clearpointmetrics.com. After that, ClearPoint's PCI Service will be available in monthly and annually renewable subscriptions. It is licensed on a per-user basis, with an introductory 12-user subscription sold at US$ 500 per month.