PCI DSS 3.0 COMPLIANCE

Vormetric Data Security Solutions

Meeting PCI DSS Security Compliance Requirement Standards with Vormetric

Payment Card Industry Data Security Standards (PCI DSS) compliance mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.

The Vormetric Data Security Platform provides PCI DSS security compliance solutions that secure and control enterprise data at rest, addressing critical portions of the PCI DSS 3.0 compliance control set for PCI DSS compliance requirements 3, 7, 8 and 10 while also supporting additional components of the PCI DSS compliance requirements. PCI DSS security compliance solutions address encryption, access control, encryption key management and granular logging requirements across multiple use cases within the PCI DSS 3.0 compliance requirements — protecting unstructured files, structured databases as well as specific fields or columns within databases and files across traditional data centers, virtual environments, cloud implementations and big data environments.

This single-platform approach to multiple PCI DSS security compliance requirements helps organizations meet PCI DSS 3.0 compliance requirements with an easy-to-deploy, centrally managed infrastructure and solution set.

Key features and benefits include:

  • Broad OS Platform support: Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE)
  • Encryption and Access Controls: Cardholder data can be encrypted both for files and databases as a whole and for specific fields or columns; file-level access is controlled and logged
  • High Performance: Intel AES-NI and other hardware encryption capabilities built into CPUs are directly supported, resulting in minimal impact on SLAs and application latency
  • Rapid deployment: Quick implementation and easy expansion across the CDE help meet audit deadlines

How Vormetric maps to the PCI DSS 3.0 requirements (requirement, mandate, Vormetric capability):

PCI DSS Compliance Requirement 3: Protect stored cardholder data (3.2, 3.4.1, 3.5.1, 3.5.2, 3.6)

  • Mandate: Data should be rendered unreadable anywhere that it is stored.
  • Vormetric, Files and Volumes: encrypts data, decrypts based on access policy.
  • Vormetric, Field and Column: encrypts data within databases and files, decrypts as requested by the application.

PCI DSS Compliance Requirement 7: Restrict access to cardholder data according to business need to know (7.1, 7.2)

  • Mandate: Only users and resources that must access cardholder data in order to complete their job should have access to systems containing cardholder data.
  • Vormetric: Adds access control on top of native operating system capabilities for both local system roles and directory services capabilities. It restricts privileged user role access, allowing privileged users to perform their work while decrypting data only for users and processes authorized by a centralized policy.

PCI DSS Compliance Requirement 8: Identify and authenticate access to system components (8.2.1, 8.7)

  • Mandate: Protect authentication credentials with strong cryptography; restrict access to databases containing cardholder data to DB administrators and the application.
  • Vormetric: Integrates with existing directory services to authenticate user IDs, and uses access policies on encrypted data to limit direct access to database administrators and the database process.

PCI DSS Compliance Requirement 10: Track and monitor all access to network resources and cardholder data (10.1, 10.2, 10.3, 10.4.1, 10.5, 10.6)

  • Mandate: Audit trails must be present for access to networks and cardholder data by system components, administrators and users.
  • Vormetric: Audit logs of all access (and access attempts) to encrypted file system and volume level data, by all users and processes, are collected and made available for analysis.

WHITE PAPERS

Using Encryption and Access Control for PCI DSS 3.0 Compliance in AWS

This white paper details PCI DSS 3.0 controls and describes how the Vormetric Data Security Platform deployed in a...

Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

This white paper outlines how to use Vormetric Transparent Encryption to meet PCI DSS 3.0 Requirements...

SOLUTION BRIEFS

Vormetric Data Security for PCI DSS 3.0 Compliance

Vormetric Tokenization with Dynamic Data Masking


CUSTOMER QUOTE

"Vormetric Data Security is quick and easy to administer, while having negligible impact on performance. It’s the perfect solution for meeting PCI DSS requirements."

Daryl Belfry
Director of IT
TAB Bank

WHITE PAPERS

DataStax and Vormetric Big Data PCI Compliance

Big Data Without Big Headaches

Gartner Tokenization Newsletter

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental