PCI DSS
Match the solution to the PCI requirement
Trend Micro offers proven solutions that address most PCI DSS requirements and enable you to truly safeguard your business infrastructure against the compromise of cardholder data. The following table summarizes the products that address each requirement.

| PCI Requirement | Direct Mapping | Compensating Control |
| --- | --- | --- |
| 1.1—Establish firewall and router configuration standards. | | |
| 1.2—Firewall connections between untrusted networks and any system containing cardholder data. | | |
| 1.3—Prohibit direct public access between the Internet and any system component in the cardholder data environment. | | |
| 1.4—Install personal firewall software on any mobile and/or employee-owned computers with direct connectivity to the Internet. | | |
| 2.2—Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. | | |
| 2.4, A.1—Hosting providers must protect each entity’s environment. | | |
| 3.1—Keep cardholder data storage to a minimum. Develop a data retention and disposal policy. Limit storage amount and retention time to that which is required for business, legal, and/or regulatory purposes, as documented in the data retention policy. | | |
| 3.2—Don’t store authentication info. | | |
| 3.4—Render PAN, at minimum, unreadable anywhere it is stored (including data on portable digital media, …). | | |
| 3.5—Protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse… | | |
| 3.6—Fully document and implement all key-management processes and procedures for cryptographic keys used for the encryption of cardholder data… | | |
| 4.1—Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks. | | |
| 4.2—Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat). | | |
| 5.1—Deploy antivirus software on all systems commonly affected by malicious software (particularly personal computers and servers). | | |
| 5.2—Ensure that all antivirus mechanisms are current, actively running, and capable of generating audit logs. | | |
| 6.1—Ensure that all system components and software have the latest vendor-supplied security patches installed. | | |
| 6.2—Establish a process to identify newly discovered security vulnerabilities. | | |
| 6.3—Develop software applications in accordance with PCI DSS… | | |
| 6.5—Develop internal and external web applications based on secure coding guidelines. | | |
| 6.6—For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes; or installing a web-application firewall in front of public-facing web applications. | | |
| 9.7—Control distribution of media containing cardholder data. | | |
| 9.9—Control storage and accessibility of media containing cardholder data. | | |
| 10—Track and monitor all access to network resources and cardholder data. | | |
| 10.5—Secure audit trails so they cannot be altered. | | |
| 11.2—Run internal and external network vulnerability scans at least quarterly and after any significant change in the network … Note: Quarterly external vulnerability scans must be performed by an Approved Scanning Vendor (ASV). | | |
| 11.3—Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification. | | |
| 11.4—Use intrusion detection systems. | | |
| 11.5—Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files. | | |
| 12.6—Implement a formal security awareness program. | | |
