The Payment Card Industry (PCI) requires companies that process credit or debit card transactions to comply with 6 control objectives outlined in their Data Security Standard (DSS). These 6 objectives are:

  1. Build and maintain and secure network
  2. Protect cardholder data
  3. Maintain a vulnerability management program
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Maintain an information security policy

These 6 objectives cover a total of 12 requirements that range from implementing safeguards such as firewall and anti-virus software, to implementing and maintaining strict policies for network and data security. Complying with these requirements can be a big job - especially for small- to medium-sized operations with limited IT resources. So it's important to have the right tools in place to make compliance as painless as possible.

 

The Case for a Firewall Configuration Management Tool

Several of the requirements for PCI compliance have to do with implementing and maintaining firewalls throughout the network. After you've gotten past the "implementing" part, a firewall configuration management tool can help you keep things organized and running smoothly. It can even help with reports and inobtrusive access when the auditors come knocking. Here are a few of the high points of what such a tool can do to help:

  • Make rules and ACLs easier to read and analyze
  • Identify redundant and unused rules
  • Suggest and implement changes based on rule analysis and connectivity needs
  • Test changes to firewall devices before they're implemented
  • Provide risk analysis reports for internal and external audits

 

One such tool recently came to SolarWinds by way of our acquisition of Athena Security: Firewall Security Manager (previously Athena FirePAC). For additional information about what FSM can do to help you maintain PCI compliance, check out the Athena Security Technology Brief, "PCI Compliance Audit Using SolarWinds Firewall Security Manager."