The Payment Card Industry Security Standards Council (PCI SSC) formulated the Payment Card Industry Data Security Standard (PCI DSS) to set standards for organisations that store, process and transmit cardholder data. PCI DSS aims to prevent identity data theft by adding an additional level of protection.
PCI DSS applies to all companies that transmit, store or process primary account numbers (PAN) or cardholder data, both online and offline. Cardholder data includes primary account numbers (PAN), cardholder name, expiry date, service codes and sensitive authentication data (SAD). PCI DSS compliance is a mandate and applies regardless of the size of the merchant or the number of card transactions processed per year.
This includes financial institutions such as banks, insurance companies, brokerage firms and lending agencies; all merchants, from hospitals, pharmacies, schools, universities, government agencies and restaurants to e-commerce companies; and service providers. The PCI council has also defined rules for software and hardware developers and device manufacturers.
Remote access software is designed to let authorized technicians access and troubleshoot computers across the globe. This might involve an exchange of business data in and out of the corporate infrastructure over the internet. If your business needs to comply with PCI mandates, then you need to ensure that your remote access software is PCI DSS ready.
Requirement | Requirement Description |
---|---|
Build and Maintain Secure Network and Systems | |
Protect Cardholder Data | |
Maintain a Vulnerability Management Program | |
Implement Strong Access Control Measures | |
Regularly Monitor and Test Networks | |
Maintain an Information Security Policy | |
Remote Access Plus has a set of security features that let you meet the PCI DSS v3.0 mandates that are specific to remote access solutions. The following table outlines the PCI DSS control requirements that are fulfilled by Remote Access Plus.
The requirement descriptions listed are taken from the PCI Security Standards Council website: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf
Requirement | How Remote Access Plus fulfills the requirement |
---|---|
Build and maintain a secure network | |
Install and maintain a firewall to protect user data | Remote Access Plus servers are hosted in highly reliable and secure carrier-grade data centers. Remote Access Plus is also available on-premises, which ensures complete control over your business-critical information. |
Change / disable vendor-supplied default passwords before installing a system on the network. | Remote Access Plus lets administrators and technicians define their own passwords. Additionally, Remote Access Plus follows stringent password policies and two-factor authentication to keep intruders out. |
Protect card-holder data | |
Encrypt card-holder data transmission | Remote Access Plus on-premises does not hold any customer data. Every detail is stored in a database within the customer's enterprise. In the case of Remote Access Plus cloud, all information in transit across public networks is completely protected by end-to-end 256-bit AES encryption. |
Protect stored data | Administrators can tailor roles and define scope for technicians, preventing them from accessing information beyond their privileges. Furthermore, administrators can restrict technicians from accessing File Manager and Command Prompt. This prevents them from exporting files from remote computers. |
Maintain a vulnerability management program | |
Maintain a vulnerability management program | Remote Access Plus servers run on hardened operating systems with proper patching practices. |
Implement strong access control measures | |
Restrict access to data | |
Assigning unique ID to technicians | Technicians cannot view, access, or modify settings established by administrators. Technicians are assigned unique passwords. In the case of Remote Access Plus cloud, technicians can set up their own passwords. Administrators can also instantly revoke access for terminated technician(s). |
Restrict access to cardholder data | Remote Access Plus on-premises does not hold any personal or critical data of the customer. The data is stored within the customer's database. In the case of Remote Access Plus cloud, the data transfer is completely secure under a highly reliable environment. |
Regularly monitor and test networks. | |
Monitor all access to network resources and cardholder data. | Remote access solutions must strongly emphasize accountability. Remote Access Plus gives you visibility into all the remote sessions initiated by recording them. It provides audit-ready reports on remote sessions with the start time, end time, and duration, reports on chat sessions, registry value exports and more. |
Regularly test security systems and processes. | Remote Access Plus adheres to stringent security policies and continuously reviews its software, policies and data centres for security. |
Maintain an information security policy | |
Maintain access controls | |
Maintain audit controls | |
If you have any queries about Remote Access Plus, feel free to drop us a line at remoteaccessplus-support@manageengine.com