The Payment Card Industry Data Security Standard (PCI DSS) is a set of information
security guidelines that are designed to help protect user data and ensure customer
trust. Network Security offers best practices and suggestions to help you meet PCI DSS compliance. However, we recommend working with your auditor to
ensure the security practices in place meet what is necessary for your specific
environment.
Network Security virtual appliances are designed to protect your network traffic from
malicious malware and threats. You can deploy virtual appliances to protect inbound
traffic from external threats and to protect outbound traffic from data exfiltration
or
other insider threats.
The following table defines some of the PCI DSS metrics and gives examples of how
Network
Security can help you meet those requirements.
|
PCI requirement definition
|
Network Security solution
|
|
11.4: Use network intrusion detection and/or
intrusion prevention techniques to detect and/or prevent intrusions
into the network. Monitor all traffic at the perimeter of the
cardholder data environment as well as at critical points inside of
the cardholder data environment, and alert personnel to suspected
compromises. IDS/IPS engines, baselines, and signatures must be kept
up to date.
|
Deploy Network Security virtual appliances. Send alerts to monitor
traffic. Enable sync management to keep security up to
date.
|
|
1.2.1: Limit inbound and outbound traffic to only
what is required for the cardholder data environment and
specifically reject all other traffic.
|
Enable features like Domain filtering and Geolocation filtering to
help meet the individual security needs of your
environment.
|
PCI DSS checklist items
Complete the following checklist items to help your environment become more PCI
compliant.
Prerequisites
Before any PCI DSS requirements can be met, you must successfully deploy Network
Security in your environment.
Add
your Cloud accounts to Network Security. Learn more.
Deploy protection in your environment.
Check to make sure Network Security is successfully deployed and protecting traffic.
Review the assets page for a more detailed view of which assets in your environment
are now protected. Learn
more.11.4 PCI DSS items
Make
sure that Digital Vaccine Auto-Sync is enabled in Network Security. This setting is
automatically enabled to ensure that the latest filters are used to protect your
environment. Learn
more. Set
up event management to send virtual appliance events and alerts for monitoring.- Connect to Splunk or another system log server to send IPS events to your security information and event management (SIEM). Learn more.
- Set up CloudWatch to configure log streaming and monitoring in AWS. Learn more.
Enable TLS inspection to protect inbound TLS-encrypted IPv4 traffic. Learn
more.1.2.1 PCI DSS items
 |
NoteNot all of these checklist items might be required for your environment to meet
1.2.1 PCI DSS compliance. The settings you select should be enabled to meet the
individual needs of your network environment.
|
Enable Geolocation filtering to block incoming and outgoing IPv4 requests by
countries or regions. Learn
more.
Enable Domain filtering to further restrict outbound traffic to known, safe hosts
and to ensure you are only communicating with qualified domain names (FQDNs). Learn
more.Next Steps
We recommend that you reassess your security processes and incident response plans
after you successfully deploy Network Security to make sure you meet all of your
security outcomes in your environment. Some other PCI DSS requirements not covered
in this topic, like 10.8 and 12.10.5, for example, might also be impacted by deploying
Network Security.
For a more in-depth look at PCI compliance in your environment, we recommend using
Trend Micro Cloud One – Conformity. Conformity is a service in the Trend Micro Cloud
One family that analyzes a company's compliance across several standards and
frameworks, including PCI DSS. Learn
more.