
In every organization, there are several network infrastructure devices such as SSL VPNs, Access Gateways, Routers, IPS, Switches, Firewalls, WAN gateways etc. These devices carry critical customer data. All these network devices are managed by various network administrators. These accounts are privileged accounts and are under the purview of PCI compliance. PCI mandates proper and authorized access to these devices by users and comprehensive management of passwords to these devices. In addition, PCI specifically requires the administrators of infrastructure devices like switches, routers, servers and applications to not only reset passwords periodically but also to maintain an audit trail.

The Payment Card Industry Data Security Standard (PCI DSS) has a set of minimum security guidelines to protect sensitive credit card data. Enterprises are required to define and establish access-related policies to ensure continuous monitoring, with the ability to investigate audit trails. Enterprises are also required to conduct risk analytics periodically. Global enterprises which handle credit card data are mandated to stay compliant to avoid penalties.


Some Facts

  • Acquirers will be fined $5,000 to $25,000 a month for each merchant who does not comply with PCI standards.
  • Other key stakeholders, such as payment gateways, card vendors, and payment application vendors may be required to follow security guidelines in the near future.
  • Lost business if not compliant - An estimated 78 percent of consumers will stop shopping where a breach occurs.  
  • The all-in-cost of a fraudulent or erroneous data breach can range from $182 to $350 per data record in penalties or lost business.


IMAG

IMAG has the ability to connect to different classes of network devices using its Rapid Connector Framework. This framework allows IMAG to provide a unified web interface to the security and compliance administrators by connecting to different network devices in the back end. This connectivity allows administrators to perform user management functions, tie these devices to employees in the HR database, and use a unified workflow for authorizations along with email infrastructure for reminders, notifications and alerts. RapidConnector also easily integrates web, hosted, client-server and legacy applications without any APIs.

 
 
   
PCI compliance mandates periodic password resets for users and administrators with access to critical data. IMAG provides administrator management, agent-less, comprehensive self-service password reset and audit trail for all enterprise applications and IT infrastructure devices like routers, switches, and SSL VPNs. IMAG helps organizations meet PCI regulations and reduces audit and re-certification costs.

  • Automatic identification of administrators of the network devices and binding to employee names in HR
  • Role-based creation of privileged accounts in the network devices
  • Guarantee and report which admin has access to what privileges and devices
  • Unified framework for centrally removing administrative access either on change of role or on termination of employment
  • Self-service password reset for network devices - routers, switches, SSL VPNs etc. - and for web, custom, legacy and client-server applications
  • Password reset policies to enable PCI compliance for unsupported applications. Complex password policies based on length, time etc.
  • Management of group accounts with common passwords like admin accounts for PCI compliance
  • Time-bound access to accounts shared by multiple administrators
  • Automatic email reminders on password expiry
  • Extensive reporting for audit trail and compliance needs
  • Quarterly reports on activity for PCI - helps avoid audit and re-certification costs
 
 

 

Password Policies for PCI
IMAG can be configured to implement complex password policies on length, dictionary attacks and reset times. Reminder emails will be sent to users to reset passwords; notification emails will also be sent with any changes to accounts. Audit records are maintained for compliance reports and audit trails.

Administrator management for PCI
IMAG also provides a comprehensive group management feature to associate and manage passwords for shared accounts, such as administrator accounts of infrastructure devices like switches, routers and servers. PCI requires that administrator access be managed when the infrastructure is in the PCI data path. Automatic password resets are triggered, and the reset passwords are sent to the new groups.

 


IMAG provides the ability to create time-bound access to accounts shared by multiple administrators, ensuring that an administrative account on a network device will always be disabled. Access to this account is granted to only one user at a time, based on a request for access to the account. IMAG's automated system will reset the password for the account and provide ownership of the account to one of the administrators.
 
Copyright © 2009 Apere Inc.