This white paper has been prepared so that IT and security administrators can quickly understand how BeyondTrust Privileged Access Management (PAM) solutions map to the requirements set forth in the Payment Card Industry Data Security Standard (PCI DSS) version 3.2. This guide is primarily intended for those who must comply with merchant processing specifications, but it applies to most service providers as well.

Initially developed in 2004, and currently on version 3.2, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for every organization that accepts credit cards such as Visa, MasterCard, American Express, and others. The PCI standard:

  • Was created to increase controls around cardholder data to reduce credit card fraud
  • Has become a de facto standard for protecting access to personally identifiable information (PII), especially in the retail industry
  • Is mandated by the card issuers
  • Is administered by the Payment Card Industry Security Standards Council (PCI SSC)

No single software product can ensure or implement “PCI compliance” for any enterprise, nor is any software product in itself “PCI compliant.” Compliance with the PCI Data Security Standard (DSS) requires a combination of business practices, personnel management, physical restrictions, and software tools.

However, specific provisions contained in the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures Version 3.2 document of the PCI Security Standards Council align with a number of capabilities in the BeyondTrust solution portfolio.