iSecurity Compliance with PCI-DSS
PCI-DSS is a
worldwide information security standard assembled in 2004 by the Payment
Card Industry Security Standards Council. The standard was created to help
organizations that process card payments prevent credit card fraud through
increased controls on data. The standard applies to all organizations
which hold, process, or pass credit card information.
iSecurity enables compliance with all the PCI articles which are relevant to System
i Security (1.3, 2.1, 2.3, 3.3-3.5, 5.1-5.2, 6.3, 7.1-7.2, 8.1-8.5,
9.1, 10.1-10.3, 10.5-10.7, 11.2-11.5, 12.9).
For detailed information, click for our White Paper specifying
iSecurity's support for PCI-DSS
Listed below are the iSecurity products which enable companies to be PCI-DSS Compliant.
Click to open the PCI DSS Quick Reference Guide v3.1
- Firewall - prevents criminals from accessing and
stealing sensitive data. Covers all 53 System communications protocols.
Logs all access attempts and reports breaches.
- Audit - monitors and reports on all activity in the
System i, performs as real-time auditing and detailed server audit
- Compliance Evaluator - provides at-a-glance
compliance checks assessing security status, strengths and weaknesses,
based on industry and corporate policies.
- Authority on Demand - Control of user authorities,
and dynamic granting of additional authorities on an as-needed basis,
accompanied by more scrutinized monitoring.
- AP-Journal (including READ logs) - Monitoring of all
changes in business-critical data & alerting of relevant personnel
upon significant changes.
- Password - Full password management capabilities,
including enforcement of site-defined password policies. Provides
detailed daily reports of unsecured passwords.
- Anti Virus - Protection from Windows-compatible
viruses and programs used or stored on System i server. Performs
automatic pre-scheduled periodic scans.
- Screen - Automatic protection for unattended
Is PCI Obligatory?
- Compliance is mandated by the payment card brands and not by
the PCI Security Standards Council.
- However, for most merchants, the deadlines for validating
compliance with the PCI DSS have already passed.
- One should check with acquirer/merchant bank to check
relevant deadlines, based on merchant transaction volume (level) as
determined by the card payment brands.
- All entities that transmit, process or store payment card
data must be compliant with PCI DSS.