MphasiS helps retail, insurance and financial customers to be compliant with the Payment Card Industry (PCI) standards by offering the following services:
- On-site assessment
- Report of compliance
- Penetration testing (MphasiS or Partner)
- Vulnerability scanning and remediation prioritization (MphasiS PS or Partner)
- Log monitoring and retention
- Intrusion prevention solutions (Host and Network) - Partner
- Web application code reviews
- Web application firewall monitoring and/or management
PCI Compliance Requirements :
Build and Maintain a Secure Network
| Requirements | Solutions |
| Install and maintain a firewall configuration to protect cardholder data |
|
| Do not use vendor-supplied defaults for system passwords and other security parameters. |
|
| Protect Cardholder Data | |
| Protect stored cardholder data |
|
| Encrypt transmission of cardholder data across open, public networks |
|
| Maintain a Vulnerability Management Program | |
| Use and regularly update anti-virus software or programs |
|
| Develop and maintain secure systems and applications |
|
| Implement Strong Access Control Measures | |
| Restrict access to cardholder data by business need-to-know |
|
| Assign a unique ID to each person with computer access |
|
| Restrict physical access to cardholder data |
|
| Regularly Monitor and Test Networks | |
| Track and monitor all access to network resources and cardholder data |
|
| Regularly test security systems and processes |
|
| Maintain an Information Security Policy | |
| Maintain a policy that addresses information security for employees and contractors |
|
<< Back to top
