PCI Data Security Standard Solutions
The Standard
The Payment Card
Industry (PCI) Data Security Standard was developed by the PCI Security Standards Council, an independent council
established by the five leading payment brands, to manage the
PCI Data Security Standard. The standard provides a simple yet effective six-step process for securing a network containing
cardholder data. Its overall goal is to establish, maintain and continually test the security of the network to ensure cardholder
information remains secure.
The Challenge
For IT, PCI requires that an organization secure all information related to cardholders, regardless of the location
of the data. This means that to be PCI compliant, organizations must take steps to prevent inappropriate access to cardholder data by
putting in place both proactive and reactive controls over IT systems.
The Solution
ScriptLogic solutions can assist in bringing every aspect of an organization’s Windows network into compliance in the areas of
Active Directory, server and desktop security. The following actions can be performed with ScriptLogic solutions to meet PCI
control objectives:
Manage Desktop Security
Desktop Authority is used to configure the Windows XP Firewall, protect against known
vulnerabilities in the form of spyware, and patch Microsoft and select third-party solutions on the desktop. Desktop
Authority is also used to preserve physical security by locking the desktop of inactive users after they have left a workstation.
Manage Services
PCI mandates that passwords be secured, including those of Windows service accounts. Additionally, unused
services can be disabled to further enhance security. Both can be accomplished with Security Explorer.
Manage Passwords
To ensure security is maintained, passwords for both users and service accounts need to be changed every 90 days. Service accounts can be centrally modified with Security Explorer. When users forget their passwords, PCI DSS mandates that they be properly identified before a reset. The user can accomplish this without IT intervention using Desktop Authority Password Self-Service.
Ensure Proper Permissions in Active Directory
Active Administrator generates reports on Active Directory permissions, which can be used
to identify inappropriate permissions. Permissions can be delegated with self-healing Active Templates, making assignment of
permissions specific, consistent and enforced.
Comprehensive Windows Security Reporting
Enterprise Security Reporter gives insight into the security settings on NTFS,
Shares, and Registries, while Active Administrator details the security settings in Active
Directory. Additionally, Security Explorer can be used to provide reporting on just
NTFS permissions. Each of these tools can be used to provide consistent and timely reporting covering critical security areas.
Audit Changes in Active Directory
With Active Administrator, audit, report and notify on any change in Active Directory, such as password resets, group
membership changes or Group Policy management.