| Requirement | SecureSphere Capabilities for PCI DSS |
|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | Contains built-in network firewall and intrusion prevention system |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Scans databases for default passwords, insecure settings, unpatched software and other vulnerabilities and configuration flaws |
| 3. Protect stored cardholder data | Identifies and prevents storage of magnetic track data and addresses all of the compensating controls for section 3.4, rendering cardholder data unreadable |
| 4. Develop and maintain secure systems and applications | Meets the application security requirements in section 6.6 with its market-leading Web Application Firewall |
| 5. Restrict access to cardholder data by business need-to-know | Enforces need-to-know access based on business activities; reports demonstrate that only users with legitimate need have access to cardholder data |
| 6. Assign a unique ID to each person with computer access | Identifies shared user accounts and other potential account violations with monitoring and reporting |
| 7. Track and monitor all access to network resources and cardholder data | Provides full access auditing for sensitive data and intelligent alerts that notify administrators of suspicious activity, providing actionable information for compliance |
| 8. Regularly test security systems and processes | Delivers up-to-date compliance assessments and reports; alerts administrators to changes in usage, automates ongoing compliance |