PCI DSS Requirements and Your SolarWinds Installations
Several SolarWinds products can help with various areas of the Payment Card Industry (PCI) Data Security Standards (DSS) requirements. The purpose of the PCI DSS is to set a baseline of minimum security for any vendor that takes credit cards. This is good for the consumer as it (theoretically) institutes best practices that reduce the risk of a security breach that could expose their data, making vendors that are PCI compliant less likely to put you and I at risk for identity theft that way. This is good for IT shops because it’s been historically difficult to get IT budget money for security and privacy initiatives, even if you know they are really the right way to do it. PCI is also an ongoing cost for IT, though, because many of the controls are not one-time checkboxes, they are continuous mandates to help you stay out of the headlines.
What Does SolarWinds Do for PCI DSS Compliance?
The PCI DSS is broken down into several sections. These sections cover everything from physical security requirements to secure IT implementation to scanning and monitoring.
SolarWinds Network Configuration Manager (NCM)
NCM is a network configuration management system that provides auditing of network device policies and changes, and allows you to institute change management procedures (including approvals) around device changes. More info about NCM’s features as they apply to PCI compliance can be found here, but here’s the specific items it can help with:
Addressing PCI Requirement 1.1: Establish Firewall and Router Configuration Standards (especially 1.1.1, approval of changes, and 1.1.6, reviewing policies)
Auditing your compliance with PCI Requirement 1.2: Building Restrictive Firewall Configurations, 1.3: Prohibit Direct Public Access, 2.1: Change Default Device Passwords & SNMP Communities/Remove Extra Accounts, 2.3: Allowing Only Encrypted Admin Access to Devices
NCM provides specific reports for PCI compliance to make it easy to audit configuration settings and changes.
SolarWinds Patch Manager
Patch Manager provides integration with native Windows patching technology (WSUS/SCCM) AND provides built-in third-party application patching.
To learn more and to read the entire article at its source, please refer to the following page, PCI DSS Requirements and Your SolarWinds Installations- Solarwinds Blog