The Payment Card Industry (PCI) requires companies that process credit or debit card transactions to comply with 6 control objectives outlined in their Data Security Standard (DSS). These 6 objectives are:
Build and maintain and secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
These 6 objectives cover a total of 12 requirements that range from implementing safeguards such as firewall and anti-virus software, to implementing and maintaining strict policies for network and data security. Complying with these requirements can be a big job - especially for small- to medium-sized operations with limited IT resources. So it's important to have the right tools in place to make compliance as painless as possible.
The Case for a Firewall Configuration Management Tool
Several of the requirements for PCI compliance have to do with implementing and maintaining firewalls throughout the network. After you've gotten past the "implementing" part, a firewall configuration management tool can help you keep things organized and running smoothly. It can even help with reports and inobtrusive access when the auditors come knocking. Here are a few of the high points of what such a tool can do to help:
Make rules and ACLs easier to read and analyze
Identify redundant and unused rules
Suggest and implement changes based on rule analysis and connectivity needs
Test changes to firewall devices before they're implemented
Provide risk analysis reports for internal and external audits
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.