Payment Card Industry – Data Security Standards (PCI-DSS)

The Payment Card Industry Data Security Standards require that merchants protect sensitive cardholder information from loss and use good security practices to detect and protect against security breaches. Townsend Security products provide a broad set of solutions to meet PCI data security needs.  For additional information, download our white paper titled "Meet the Challenges of PCI Compliance" to learn what your auditor is looking for and how to ensure your data is safe.

 

Strong encryption protects cardholder data

PCI DSS Section 3 “Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities...”

 

Alliance AES encryption solutions provide strong, standards-based encryption for all Enterprise server environments. Alliance data encryption solutions are NIST certified and work across all of your server platforms to secure cardholder data.

 

NIST certified encryption methods ensure organizations meet PCI DSS encryption requirements

Encryption methods approved by the National Institute of Standards and Technology (NIST) are accepted as adequate protection of cardholder data.

 

Alliance AES encryption implements the full NIST specification for AES encryption including all encryption key sizes and data modes of encryption. This insures compatibility with your business applications, Point-of-Sale systems, external suppliers, and customer solutions. It is available for all enterprise platforms including; Microsoft Windows, Linux, Unix, IBM System z and IBM System i.

 

Achieve Regulatory Compliance Requirements with Certified Key Management

PCI DSS Section 3.5 "Protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse. Protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse."

 

Separate your encryption keys from your protected data with an easy-to-deploy rack-mounted solution, Alliance Key Manager. Alliance Key Manager provides the secure management, storage, and distribution of encryption keys you need for protecting data in motion and data at rest. Applications on any platform (System i, System z, Windows, Linux, Unix.) can securely retrieve encryption keys from Alliance Key Manager. Alliance Key Manager is FIPS-140 certified to guarantee regulatory compliance. For more information, download our Encryption Key Management & PCI DSS matrix.

 

Encrypt cardholder data across open, public networks

PCI DSS Section 4 “Sensitive information must be encrypted during transmission over networks that are easy and common for a hacker to intercept, modify, and divert data while in transit.”

 

Townsend Security secure communications and web service solutions support a wide variety of secure protocols for transferring sensitive information across internal and external public networks. Alliance solutions include support for secure transfer using SSL FTP, Secure Shell FTP (sFTP), Secure Shell Copy (sCP), HTTP and HTTPS web services, secure WebDAV, secure XML transfer, AS1/AS2/AS3 EDI over the Internet (EDI-INT), and SSL encrypted TCP sockets.

 

Track and monitor all access to network resources and cardholder data

PCI DSS Section 10 “Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without system activity logs.”

 

Townsend Security system activity logging solutions support the collection and centralization of system logs across all computers and network devices in your Enterprise to meet this regulatory requirement. Syslog- ng Premium Edition is the de facto standard for secure and reliable system log collection and centralization. Syslog-ng Premium Edition collects logs on Windows, Linux, UNIX, and IBM Enterprise systems for centralized archival and monitoring. Complex network topologies are supported through secure relay configurations. Once system logs are consolidated on a central server they can be monitored and archived to meet compliance requirements.

 

For the IBM System i platform, the Alliance LogAgent for System i solution collects hundreds of proprietary IBM security journal and system operator messages and transmits them to several SIEM solutions.