The Payment Card Industry Data Security Standard (PCI DSS) was developed by leading credit card industry agencies to define best practices for protecting its members against electronic fraud. Failure to comply with PCI DSS policies can result in the creditor’s loss of access to the crediting agency.
Today’s Identity Access Management (IAM) technologies don’t detect or secure the privileged identities that hold elevated permissions to access electronic payment records, install and run programs, and change configuration settings on servers, workstations, applications and network appliances.
Enterprise Random Password Manager (ERPM) helps organizations fill regulatory compliance gaps by securing privileged accounts, and by providing the auditing and control necessary to specifically address the following key PCI DSS requirements:
- 6.3.6 Removal of custom application accounts, user IDs, and passwords before applications become active
- 7.7.1 Restriction of access rights to privileged user IDs to least privileges
- 7.2.1 Coverage of all system components
- 8.5.4 Immediately revoke access for all terminated users
- 8.5.5 Remove/disable inactive user accounts at least every 90 days
- 8.5.6 Enable accounts used by vendors for remote maintenance only during the time periods needed
- 8.5.8 Do not use group, shared, or generic accounts or passwords
- 8.5.9 Change user passwords at least every 90 days
- 10.2 Implement automated audit trails for all system components
ERPM hardens and auto-propagates secured privileged login credentials wherever they may reside and provides a reliable audit trail to document the requestors, systems and accounts, time frames, and purpose of each access request.