eEye Payment Card Industry (PCI)
Unified Vulnerability Management & Compliance Solutions
About PCI
The PCI DSS was developed by the five major credit card brands (MasterCard, VISA, American Express, Discover, and JCB) to help merchants safeguard electronic data from security breaches and to ensure the proper handling and protection of cardholder account and transaction information.
The vulnerability scanning requirements are found in requirements 5, 6, and 11 (see table below). As stated by PCI DSS, "Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment."
The web application scanning requirements are found in requirements 6.5 and 6.6 (see table below). As stated by PCI DSS, "Develop all web applications (internal and external, and including web administrative access to application) based on secure coding guidelines such as the Open Web Application Security Project Guide. Cover prevention of common coding vulnerabilities in software development processes..." and "For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks..."
PCI requires BOTH vulnerability assessment and web application testing. Web application testing is different from the internal and external vulnerability assessments required by PCI.
Compliance with Payment Card Industry (PCI)
eEye Digital Security's vulnerability assessment reports let you see at a glance whether your network is compliant with the PCI DSS.
REM Security Management Console: Sample Retina PCI Compliance Report Summary
eEye Digital Security has been tested by NSSLabs for PCI Suitability when performing internal assessments. A full report is available here. PCI DSS requires BOTH internal and external vulnerability assessment. eEye Digital Security provides integrated vulnerability assessment, making it the ideal solution for PCI version 1.2 compliance.
eEye Solutions Mapped to PCI Requirements

| PCI DSS Requirement | eEye Solution |
|---|---|
| **Build and Maintain a Secure Network** | |
| 1. Install and Maintain a Firewall Configuration to Protect Cardholder Data | Retina, Blink |
| 2. Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters | Retina |
| **Protect Cardholder Data** | |
| 3. Protect Stored Cardholder Data | Blink, SecureIIS |
| 4. Encrypt Transmission of Cardholder Data Across Open, Public Networks | Blink, SecureIIS |
| **Maintain a Vulnerability Management Program** | |
| 5. Use and Regularly Update Anti-Virus Software | Retina, Blink |
| 6. Develop and Maintain Secure Systems and Applications | Retina, Blink |
| **Implement Strong Access Control Measures** | |
| 7. Restrict Access to Cardholder Data by Business Need-to-Know | Retina, Blink, SecureIIS |
| 8. Assign a Unique ID to Each Person with Computer Access | Retina, Blink |
| 9. Restrict Physical Access to Cardholder Data | Blink |
| **Regularly Monitor and Test Networks** | |
| 10. Track and Monitor All Access to Network Resources and Cardholder Data | Blink, SecureIIS |
| 11. Regularly Test Security Systems and Processes | Retina, Blink |
| **Maintain an Information Security Policy** | |
| 12. Maintain a Policy that Addresses Information Security | Retina, Blink, SecureIIS |
