The PCI DSS Standard
PCI DSS is one of the most common and ubiquitous security compliance
standards. It is enforced worldwide by all major credit card companies.
The standard exists to protect your customers' credit card information
and identities against theft and fraud. PCI DSS is continuously evolving,
but it breaks down to several essential security precepts, each of which
is directly supported by CorreLog:
- Install and maintain a firewall configuration to protect cardholder
  data.
  CorreLog monitors changes to firewall rules and all attempts to bypass
  firewalls. CorreLog also interfaces with Intrusion Detection Systems,
  including SNORT and many others, indicating that a firewall may have
  been breached or a security policy changed.
- Do not use vendor-supplied defaults for system passwords and other
  security parameters.
  CorreLog tracks changes to security parameters, detecting when
  unauthorized changes are made to these rules and tracking users by name.
  Example A: CorreLog detects when a security policy associated with
  strong passwords on a system has been modified, indicating that someone
  may have returned a vendor-supplied security setting to its default
  condition. Example B: CorreLog catches all cases where the default
  'guest' login is used on a network.
- Protect stored cardholder data.
  CorreLog detects logins to those computer systems processing cardholder
  data and protects this data in a variety of ways: it ensures that the
  system is performing as expected (with regard to performance, access and
  software updates) and it detects break-in attempts against computers,
  databases, websites and storage disks. CorreLog monitors disk
  activities, disk mount points and use of removable storage, including
  CD/DVD burners and removable USB storage devices.
- Encrypt transmission of cardholder data across open, public networks.
  CorreLog encrypts the data it transfers, so there is never a worry that
  CorreLog itself might reveal cardholder data or other system details.
  CorreLog is FIPS-compliant, incorporating strong encryption algorithms
  for data transfers.
- Use and regularly update antivirus software.
  CorreLog monitors messages created by antivirus software programs,
  indicating when antivirus software has been changed or enabled.
  CorreLog keeps a permanent record of virus detection activity on all
  the computers in your enterprise, including servers and PCs. CorreLog
  works with all major antivirus software programs on both Windows and
  UNIX platforms.
- Assign a unique ID to each person with computer access.
  CorreLog indicates when a user logs into the system at an unexpected
  time, signifying that someone else (other than the identified user) may
  be accessing records. CorreLog employs a unique "user discovery" process
  that automatically discovers and tracks all the users for the various
  systems on your network, including UNIX, router, and Windows user
  identifiers.
- Develop and maintain secure systems and applications.
  CorreLog furnishes the ability to make Windows platforms more secure
  (using the CorreLog Windows agent). For UNIX and other platforms,
  CorreLog leverages the existing native agent (i.e. the syslog process)
  to make the managed system more secure. CorreLog is a substantial
  "development component" of an enterprise-wide security policy,
  incorporating a standards-based, easy-to-use API that lets you extend
  your security monitoring to any streaming log file or home-grown
  application.
- Restrict access to cardholder data by business need to know.
  CorreLog monitors the creation, deletion and modification of user
  accounts and groups, so it can detect when a user has been given access
  to a particular system. Additionally, CorreLog keeps track of user
  logins to these systems, including by time of day, so that 'after hours'
  unauthorized access is easily detected.
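As an added illustration (not CorreLog's own code or output), the two login checks described above, the default 'guest' account check under "vendor-supplied defaults" and the after-hours check under "business need to know", can be expressed as a small rule set run over syslog-style login records. The log lines, the list of default accounts and the business-hours window are all constructed assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample syslog-style login records (not real CorreLog data).
# 2024-03-04 is a Monday; 2024-03-05 is a Tuesday.
SAMPLE_LOGS = """\
2024-03-04T09:12:41 pos-db01 sshd[2231]: Accepted password for alice from 10.0.4.17 port 51234
2024-03-04T23:47:05 pos-db01 sshd[2290]: Accepted publickey for bob from 10.0.4.22 port 51300
2024-03-04T14:03:19 pos-web02 sshd[1187]: Accepted password for guest from 10.0.9.8 port 40212
2024-03-05T02:15:33 pos-db01 sshd[2410]: Accepted password for guest from 10.0.9.8 port 40250
2024-03-05T10:30:00 pos-web02 sshd[1250]: Failed password for alice from 10.0.4.17 port 51400
""".splitlines()

# Matches only successful logins; failed attempts are a separate concern.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"
)

# Assumed policy values: vendor-default account names and the business-hours window.
DEFAULT_ACCOUNTS = {"guest", "admin"}
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def parse_login(line):
    """Return a dict with ts/host/user/src for a successful login, else None."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def after_hours(ts, window=BUSINESS_HOURS):
    """True if the login falls on a weekend or outside the business-hours window."""
    start, end = window
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def detect(lines):
    """Apply both rules to each successful login; return (rule, host, user, ts) findings."""
    findings = []
    for line in lines:
        ev = parse_login(line)
        if ev is None:
            continue
        if ev["user"] in DEFAULT_ACCOUNTS:
            findings.append(("default-account-login", ev["host"], ev["user"], ev["ts"]))
        if after_hours(ev["ts"]):
            findings.append(("after-hours-login", ev["host"], ev["user"], ev["ts"]))
    return findings
```

The constructed sample yields four findings: one after-hours login by bob, two 'guest' logins, and the second 'guest' login flagged a second time because it also falls at 02:15.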
- Restrict physical access to cardholder data.
  CorreLog detects when systems are restarted (via a cold-start trap or
  via syslog messages), indicating that physical access may have been
  breached and systems may have been tampered with. This includes
  detection of USB and device driver activity, indicating that somebody
  may have physical access to a restricted machine.
- Track and monitor all access to network resources and cardholder data.
  This is the main role of CorreLog as a security monitor. It provides
  visibility into who is logging into what areas of the enterprise and
  keeps track of what users are doing on the system. This is achieved
  by monitoring log messages and mapping activity back to security
  protocol. The correlation is presented in detailed event reports and
  dashboards like the one below.
- Regularly test security systems and processes.
  CorreLog schedules periodic tests of network integrity and verifies that
  certain messages are logged, indicating successful tests. CorreLog
  interfaces easily with common security-testing software, including port
  scanners, to verify that CorreLog is successfully monitoring system
  security. CorreLog has a self-test associated with AES encryption that
  permits users to verify that CorreLog encryption is working.
- Maintain a policy that addresses information security.
  An organization cannot claim to have a comprehensive information
  security policy without monitoring the security messages being
  constantly logged on platforms within its enterprise. An enterprise
  that installs CorreLog, with no other action, takes a major step
  forward in creating and maintaining an enterprise security policy.
Note that the PCI DSS specifications provide relatively elementary
security. Implementation of this standard should serve as a starting
point for your security policies, but further supplemental security
measures (supported by CorreLog) may be required to increase your
security assurance, including special attention to the physical security
of devices, to internal security policies, and to the security awareness
of your employees.