IDERA SOLUTIONS FOR PCI DSS COMPLIANCE

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS), currently at version 3.2, is a set of comprehensive requirements developed by the PCI Security Standards Council, which includes American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help standardize the broad adoption of consistent data security measures on a global basis. It also includes requirements for security management, policies, procedures, network architecture, software design and other safeguards. PCI DSS is intended to help organizations proactively secure customer credit card-related (cardholder) data.

Cardholder data that resides in Microsoft SQL Server database systems must adhere to the PCI DSS requirements. These requirements, in essence, mandate that IT and security professionals define and oversee the proper business disciplines and best practices for SQL Server access in order to prevent internal and external intrusions and enhance SQL Server confidentiality, data integrity and availability.

PCI DSS Compliance Checklist

In order to define the proper PCI DSS baselines, audit database object/data changes, and report the appropriate data security-related findings to auditors and regulators, you must be able to answer the following questions:

  • Who has access to my “Payment Card” data?
  • What has changed with SQL Server permissions, logins & access?
  • How do I define a secure baseline and maintain it across my SQL Server enterprise?
  • How can I implement repeatable processes to help maintain my standards?
  • How do I audit permission, object and data changes on my SQL Server?
  • What is the best way for me to comply with Federal regulations with regard to my SQL Server databases?
  • How do I ensure that my PCI data can be rendered unreadable wherever it is backed up?

HOW DOES SQL SECURE ADDRESS PCI DSS REQUIREMENTS?

SQL Secure is a security analysis solution that helps IT organizations identify SQL Server security violations and ensure that security policies are enforced. You can find out who has access to what and identify each user’s effective rights across all SQL Server objects. You can also alert on violations of your corporate policies, and secure your environment (internally and externally) from the most common methods of intrusion.

SQL Secure helps IT organizations address the requirements of PCI DSS with a built-in policy template that captures the relevant configurations and recommended settings as they relate to Microsoft SQL Server.

HOW DOES SQL COMPLIANCE MANAGER ADDRESS PCI DSS REQUIREMENTS?

SQL Compliance Manager is a comprehensive SQL Server auditing, alerting and reporting solution that uses policy-based algorithms to track changes to your SQL Server objects and data. SQL Compliance Manager provides continuous auditing of all SQL Server activity by identifying who did what, when and how, whether the event is initiated by privileged users or hackers.

SQL Compliance Manager specifically goes beyond traditional auditing approaches by providing custom real-time monitoring and auditing of all data access, updates, schema modifications and permission changes.

HOW DOES SQL SAFE BACKUP ADDRESS PCI DSS REQUIREMENTS?

SQL Safe Backup provides customizable policies to help you back up your PCI data, and delivers state-of-the-art encryption to ensure your backup files are protected anywhere they are stored.

[refer to pdf for table]

IDERA understands that IT doesn’t run on the network – it runs on the data and databases that power your business. That’s why we design our products with the database as the nucleus of your IT universe.

Our database lifecycle management solutions allow database and IT professionals to design, monitor and manage data systems with complete confidence, whether in the cloud or on-premises. We offer a diverse portfolio of free tools and educational resources to help you do more with less while giving you the knowledge to deliver even more than you did yesterday.

Whatever your need, IDERA has a solution.