The Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004 by the Payment Card Industry Security Standards Council (PCI SSC) in order to enhance the protection of cardholder data and prevent credit card fraud. The PCI Data Security Standard consists of a series of requirements which determine the level of technical and operational compliance that must be adhered to by any organisation that stores, processes or transmits cardholder data.
Non-compliance of the PCI DSS could result in the loss of credit card payment ability or substantial fines
Great product - really helped with our PCI compliance
Andy Rodriguez
CTO, KEPSafe Solutions
Non-compliance of the PCI DSS could result in the loss of credit card payment ability or substantial fines. Therefore it is crucial that any company participating in the storage, processing or transmission of credit card data becomes compliant.
The Verisys File Integrity Monitoring system provides a simple solution to many of your PCI DSS compliance requirements. Set out below are a number of PCI DSS requirements and an explanation to help you understand how Verisys addresses these requirements.
"Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly"
Verisys detects changes to files, and alerts key personnel of unauthorised changes or non-compliant behaviour
"Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)"
Verisys monitors the integrity of log files, alerting key personnel if existing log data is modified
"Promptly back up audit trail files to a centralized log server or media that is difficult to alter"
Verisys Agents can automatically send discrepancy data to a central syslog server, and can save discrepancy reports in XML format to a secure server
"Write logs for external-facing technologies onto a log server on the internal LAN"
Verisys Agents can automatically send discrepancy data to a syslog server on your internal LAN. Agents can also save discrepancy reports in XML format to a server on your internal LAN
"Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up)"
Verisys will store discrepancy reports for as long as you wish to retain them. Verisys Agents can also automatically send discrepancy data to the Windows Event Log or syslog