The Payment Card Industry Data Security Standard (PCI DSS) was developed by leading credit card industry agencies to define best practices for protecting their members against electronic fraud. Failure to comply with PCI DSS policies can result in the creditor’s loss of access to the crediting agency.
Today’s Identity Access Management (IAM) technologies don’t detect or secure the privileged identities that hold elevated permissions to access electronic payment records, install and run programs, and change configuration settings on servers, workstations, applications and network devices.
Enterprise Random Password Manager (ERPM) helps organizations fill regulatory compliance gaps by securing privileged accounts, and by providing the auditing and control necessary to specifically address the following key PCI DSS version 3.2 requirements:

| Requirement | Description |
|---|---|
| 6.3.6 | Removal of custom application accounts, user IDs, and passwords before applications become active |
| 6.4.6 | Ensure security controls are in place following change in cardholder data environment |
| 7.7.1 | Restriction of access rights to privileged user IDs to least privileges |
| 7.2.1 | Coverage of all system components |
| 8.5.4 | Immediately revoke access for all terminated users |
| 8.5.5 | Remove/disable inactive user accounts at least every 90 days |
| 8.5.6 | Enable accounts used by vendors for remote maintenance only during the time periods needed |
| 8.5.8 | Do not use group, shared, or generic accounts or passwords |
| 8.5.9 | Change user passwords at least every 90 days |
| 10.2 | Implement automated audit trails for all system components |
| 10.8 | Detect and report on failures of critical security control systems |
| 12.11 | Quarterly reviews to confirm personnel are following security policies |

ERPM automatically finds and secures privileged login credentials wherever they may reside. It provides a reliable audit trail to document the requestors, systems and accounts, time frames, and purpose of each access request.