PCI-DSS Compliance

PCI controls for your dedicated environment

The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers' data-not just credit card data. Implementing PCI-DSS controls can help your customers can spend confidently

CBIT can provide you with infrastructure and services to assist you in addressing each of the 12 requirements of the PCI Data Security Standard for compliance:

Control Objectives PCI DSS Requirements CBIT can help you with

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

Managed Firewall

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Vulnerability Assessment Services

Protect Cardholder Data

3. Protect stored cardholder data

Not applicable - you must implement this requirement

4. Encrypt transmission of cardholder data across open, public networks

SSL Certificates

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software on all systems commonly affected by malware

Managed End Point Protection Suite

6. Develop and maintain secure systems and applications

Web Application Firewall

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know

Managed Active Directory

8. Assign a unique ID to each person with computer access

Two-Factor Authentication

9. Restrict physical access to cardholder data

Data Center Security

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

Log Management

11. Regularly test security systems and processes

Threat Management

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

Not applicable - you must implement this requirement