This white paper has been prepared so that IT and security administrators can quickly understand how BeyondTrust Privileged Access Management (PAM) solutions map to the requirements set forth in the Payment Card Industry Data Security Standard (PCI DSS) version 3.2. This guide is primarily intended for those who must comply with merchant processing specifications, but it applies to most service providers as well.
Initially developed in 2004, and currently on version 3.2, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for every organization that accepts credit cards, such as Visa, MasterCard, American Express, and others. The PCI standard:
No single software product can ensure or implement “PCI compliance” for any enterprise, nor is any software product in itself “PCI compliant.” Compliance with the PCI Data Security Standard (DSS) requires a combination of business practices, personnel management, physical restrictions, and software tools.
However, specific provisions contained in the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures Version 3.2 document of the PCI Security align to a number of capabilities in the BeyondTrust solution portfolio.