PCI DSS 3.0 Compliance

Using TierPoint’s Cloud & Managed Security Services
In a recent poll conducted by American Consumer Credit Counseling (ACCC), 64% of consumers said they do not trust retailers with their credit card information. From 2012 to 2013, data breaches rose by 30%, and the number continues to grow. In 2014 alone, we have seen 644 breaches and 78 million records exposed, another increase of 26% across multiple industries. To combat this, the Payment Card Industry Data Security Standard (PCI DSS) v3.0 was released this year, with a compliance deadline of January 1, 2015. These requirements comprise “a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks, as well as local, regional and sector laws and regulations.” But doing only what is needed to meet these minimum requirements may not be enough to avoid a breach of your networks and your customers’ data. The chart below lists the 3.0 requirements and shows how you can enhance your security posture today by utilizing TierPoint’s compliance expertise and services.
Required controls, and how TierPoint can help:

1. Install and maintain a firewall configuration to protect cardholder data
   How TierPoint can help: Fortinet’s world-class Next Generation Firewalls (NGFW) give you the ability to combat Advanced Persistent Threats (APT) using network antivirus, IDS/IPS, botnet protection, DoS protection, and more…

2. Do not use vendor-supplied defaults for system passwords and other security parameters
   How TierPoint can help: Our CleanIP Managed Security service puts the responsibility for this in the hands of our certified, experienced security analysts. With the help of both Fortinet and Alert Logic, we can help ensure the health and compliance of your infrastructure.

3. Protect stored cardholder data
   How TierPoint can help: Data Leak Protection lets you track and block the exfiltration of private information and, with our CleanIP Advanced MSS, can be controlled based on SSNs, credit card numbers and other customizable information. We can also monitor and block secure channel communications such as SSL and SSH.

4. Encrypt transmission of cardholder data across open, public networks
   How TierPoint can help: IPSec and SSL VPN handle remote connectivity and transmission of your cardholder information. Within the TierPoint cloud, CloudLink provides storage or VM encryption for storing your customer information. Even better, you hold the encryption key… meaning even TierPoint can’t access this data.

5. Protect all systems against malware and regularly update anti-virus software or programs
   How TierPoint can help: Network antivirus and IDS/IPS provided by the Fortinet FortiGate NGFW protect your perimeter, while Alert Logic’s Web Security Manager and Threat Manager with Active Watch provide 24x7 network threat detection.
6. Develop and maintain secure systems and applications
   How TierPoint can help: TierPoint utilizes the expertise of multiple vendor partners to provide Web Application Firewalling so that your web applications remain secure and protected. With the managed security offering by Alert Logic, your WAF can be tuned and managed by GIAC certified security experts.

7. Restrict access to cardholder data by business need to know
   How TierPoint can help: Dedicated firewalls provide network isolation for your environment, allowing you to restrict access to parts of the network.

8. Identify and authenticate access to system components
   How TierPoint can help: Two-factor authentication is provided with Fortinet’s FortiAuthenticator and FortiTokens to verify that all access is secure and authorized. Our security experts will engineer a solution to best fit your needs and maintain the integrity of your environment.

9. Restrict physical access to cardholder data
   How TierPoint can help: TierPoint datacenters are SSAE 16 SOC I and SOC II Type 1 and 2 audited and provide state-of-the-art physical security with 24x7 monitoring, badge and biometric access, and a security staff on premises, ensuring that only authorized personnel gain access to your systems.

10. Track and monitor all access to network resources and cardholder data
   How TierPoint can help: Multiple monitoring and tracking options are available, including Alert Logic Log Manager, which provides remote security log analysis to assist in validation of network activities.

11. Regularly test security systems and processes
   How TierPoint can help: Alert Logic Threat Manager with Active Watch provides 24x7 management of internal and external network threats. Integrated intrusion detection and vulnerability scanning capabilities provide key elements to address the requirements of PCI DSS.

12. Maintain a policy that addresses information security for all personnel
   How TierPoint can help: The responsibility for your security policy remains in your hands, but with the peace of mind that you’re protected by TierPoint’s wide range of managed security services, your policy is easier to develop and maintain than ever!
TierPoint can help meet your PCI DSS 3.0 compliance requirements using our comprehensive managed security services and our secure Public, Private, or Hybrid cloud offerings. Working with top industry partners such as Fortinet, Alert Logic, VMware, and CloudLink, we can work together to improve your security posture both on premises and in the cloud.
BALTIMORE | DALLAS | OKLAHOMA CITY | PHILADELPHIA | SEATTLE | SPOKANE | TULSA
TierPoint | 520 Maryville Centre Dr. | St. Louis | MO 63141 | www.tierpoint.com
© 2014 TierPoint, LLC. All Rights Reserved.