
Simplifying PCI Compliance with Privileged Access Management and Vulnerability Management

March 29, 2017

If your organization collects, processes or stores cardholder data in any form, then you must adhere to the Payment Card Industry Data Security Standard (PCI DSS). As you have likely come to understand (and probably painfully, I’m guessing), you will have challenges in meeting your PCI requirements, among them the direct and indirect costs and operational distractions associated with maintaining compliance. Let’s take a quick look at some of these challenges, and then I will explain how BeyondTrust helps you achieve compliance with certain provisions in PCI faster.

Ready to get started? Download our technical brief and learn how BeyondTrust solutions map to PCI guidelines.

Fines and Penalties: Compliance is Mandatory

There are three levels of PCI compliance that an organization may be subject to, depending on the number of transactions that the organization processes, or on whether it is subject to the “merchant” or the “service provider” compliance definitions. If an organization is at the highest level of compliance (Tier 1), assessments are conducted annually by a Qualified Security Assessor (QSA), who creates a Report on Compliance (ROC). Organizations at any other level of compliance (Tiers 2-3) may self-assess against the controls and may not directly involve a QSA. If an organization has been breached and was not in compliance with PCI, the card issuers can impose significant financial penalties on the merchant.

Complexity, Time and Resource Constraints: PCI Distracts from Core Operations

Merchants and service providers subject to PCI DSS should work to continually improve processes to ensure ongoing compliance and security, rather than treating compliance as a point-in-time project. Naturally, this can create a tremendous resource drain on IT teams.

How Privileged Access Management and Vulnerability Management can Help

Privileged access management and vulnerability management can be used as fundamental technologies for achieving compliance with PCI, so we’ve written a new technical brief that explains how to map BeyondTrust privileged access management and vulnerability management solutions to PCI requirements to more easily demonstrate and maintain compliance. This guide is primarily intended for those who must comply with merchant processing specifications, but it applies to most service providers as well, and is meant to help you get more from your PAM and VM investment.

Mapping BeyondTrust PowerBroker and Retina solutions to PCI requirements

For a quick view of how BeyondTrust solutions map into these requirements, see the table below.

Table columns: Control Objectives; PCI DSS Requirements; BeyondTrust Platform; Retina Vulnerability Management; PowerBroker for Unix & Linux; PowerBroker for Windows & Mac; PowerBroker Identity Services; PowerBroker Password Safe; PowerBroker Auditing & Security Suite

Build and Maintain a Secure Network and Systems
  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  • Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  • Requirement 7: Restrict access to cardholder data by business need to know
  • Requirement 8: Identify and authenticate access to system components
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
  • Requirement 12: Maintain a policy that addresses the information security for all personnel

What to do Next

Download the full PCI guide for a detailed requirement-by-requirement mapping of BeyondTrust PAM and VM solutions into PCI requirements. Remember: there is no magic bullet for achieving PCI compliance, and no one vendor can make you compliant with PCI. Look for solutions that help you simplify it; BeyondTrust can help. Contact us today for a strategy session on your current PCI compliance efforts.

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
