The Payment Card Industry Data Security Standard (PCI-DSS) was established to promote cardholder data security and foster the adoption of consistent data security measures on a global scale. Its baseline technical and operational requirements apply to all entities involved in credit card processing, including merchants, processors, acquirers, issuers, and third-party service providers. The requirements also apply to all other entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD). The standard seeks to protect account data through the following control families:
- Build and Maintain Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy

LogRhythm’s PCI-DSS 3.2 Compliance Suite provides augmented and direct support of control objectives through pre-bundled Investigations, Alarms, AIE Rules, and Reports. Alarms and Reports are automatically associated with the correct PCI-DSS asset categories. You can then schedule Reports for periodic generation and delivery, or generate them on demand. To identify areas of non-compliance in real time, you can use Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems. The following sections highlight these module components and list all content included within the module.