To protect companies and customers from data loss or theft, many industries and government organizations are subject to regulatory compliance. A common theme in all compliance standards is auditing user activities, particularly access to confidential customer data. EventTracker’s solutions help to automate the steps required by each standard to ensure compliance and maintain it going forward. With EventTracker, organizations can secure the environment, establish the baseline, track user activity, alert on potential violations, and generate audit-ready reports.
Payment Card Industry – Data Security Standard (PCI-DSS)
The Payment Card Industry is a private industry group set up by the major credit card companies to define standards for companies that process credit card transactions. The Data Security Standard was defined to prevent credit card fraud, hacking and other security issues. A company processing, storing, or transmitting credit card numbers must be PCI-DSS compliant or it risks losing the ability to process credit card payments. The PCI-DSS includes requirements covering network security, data protection, vulnerability management, access control, monitoring and testing, and information security. According to the PCI Data Security Standard, an organization must be able to monitor, report, and alert on attempted or successful access to systems and data security for those applications that contain sensitive cardholder data; the standard also explicitly calls for the collection and monitoring of event logs.
Using EventTracker to meet PCI-DSS Requirements
Requirement: Establish a process for linking all access to system components (especially those done with administrative privileges such as root) to an individual user.
- Audit the files or directory of any system
- Control the access permission settings of domain-wide directories or files from a central console
Requirement: Implement automated audit trails to reconstruct events for all system components.
- Track and monitor all user activities including user logons, user logoffs, user login failures, user added/deleted/modified, user logon failure/success on VPN servers, and success/failure of critical file access by users
Requirement: Record audit trail entries for each event for all system components.
- Automatic log back-up in a Centralized Warehouse
Requirement: Secure audit trails so they cannot be altered.
- Event archive is compressed, encrypted and stored with an MD5 checksum to prevent tampering
Requirement: Review logs for all system components at least daily. Log reviews should include those servers that perform security functions like IDS and authentication (AAA) servers.
- Reports Console to create and schedule customized reports and automatically send the summary or detail report at scheduled intervals
Requirement: Retain your audit trail history for a minimum of one year, with 3 months available on-line.
- No limitation on how long events can be archived on-line