Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • Simplifying PCI Compliance with Privileged Access Management and Vulnerability Management current page
Link copied

Simplifying PCI Compliance with Privileged Access Management and Vulnerability Management

Mar 29, 2017
Author:
Slang
Scott Lang
Sr. Director, Product Marketing at BeyondTrust
Blog banner default
Simplifying PCI Compliance with Privileged Access Management and Vulnerability Management
Slang
Scott Lang
Sr. Director, Product Marketing at BeyondTrust
Simplify PCI Compliance If your organization collects, processes or stores cardholder data in any form, then you must adhere to the Payment Card Industry Data Security Standard (PCI DSS). As you have likely come to understand (and probably painfully I’m guessing) you will have challenges in meeting your PCI requirements; among them the direct and indirect costs and operational distractions associated with maintaining compliance. Let’s take a quick look at some of these challenges, and then I will explain how BeyondTrust helps you achieve compliance with certain provisions in PCI faster.
Ready to get started? Download our technical brief and learn how BeyondTrust solutions map to PCI guidelines. Download now

Fines and Penalties: Compliance is Mandatory

There are three levels of PCI compliance that an organization may be subject to, depending on the number of transactions that the organization processes, or if they are subject to the “merchant” or the “service provider” compliance definitions. If an organization is at the highest level of compliance (Tier 1), assessments are conducted annually by a Qualified Security Assessor (QSA) who creates a Report on Compliance (ROC). Any other levels of compliance (Tiers 2-3), may self-assess against the controls and may not directly involve a QSA. If an organization has been breached and was not in compliance with PCI, the card issuers can impose significant financial penalties on the merchant.

Complexity, Time and Resource Constraints: PCI Distracts from Core Operations

Merchants and service providers subject to PCI DSS should work to continually improve processes to ensure ongoing compliance and security, rather than treating compliance as a point-in-time project. Naturally, this can create a tremendous resource drain on IT teams.

How Privileged Access Management and Vulnerability Management can Help

Since they can be used as fundamental technologies to achieving compliance with PCI, we’ve written a new technical brief that explains how to map BeyondTrust privileged access management and vulnerability management solutions to PCI requirements to more easily demonstrate and maintain compliance. This guide is primarily intended to be used for those who must comply with merchant processing specifications, but applies to most service providers as well, and is meant to help you get more from your PAM and VM investment.

Mapping BeyondTrust PowerBroker and Retina solutions to PCI requirements

For a quick view of how BeyondTrust solutions map into these requirements, see the table below.
Control Objectives PCI DSS Requirements
BeyondTrust Platform
Retina Vulnerability Management
PowerBroker for Unix & Linux
PowerBroker for Windows & Mac
PowerBroker Identity Services
PowerBroker Password Safe
PowerBroker Auditing & Security Suite
Build and Maintain a Secure Network and Systems Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Identify and authenticate access to system components
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy Requirement 12: Maintain a policy that addresses the information security for all personnel

What to do Next

Download the full PCI guide for a detailed requirement-by-requirement mapping of BeyondTrust PAM and VM solutions into PCI requirements. Remember: There is no magic bullet to achieving PCI compliance and no one vendor that can make you compliant with PCI. Look for solutions that help you simplify it; BeyondTrust can help. Contact us today for a strategy session on your current PCI compliance efforts. Download now
Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • Lincolnshire County Council’s computer systems held to ransom
    Feb 3, 2016 Lincolnshire County Council’s computer systems held to ransom
    Blog
    1m
  • When a Spear Phisher Came For Me
    Feb 6, 2019 When a Spear Phisher Came For Me
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.