Ensuring PCI Compliance with CORE IMPACT
It’s no secret that cardholder data presents a tempting target for cybercrime. That’s why the major debit and credit card providers established the Payment Card Industry (PCI) Data Security Standard, which applies to all merchants and service providers that store, process or transmit cardholder data. The PCI Standard mandates basic security best practices that include implementing and ensuring the effectiveness of defensive infrastructure and incident-response programs.
Using CORE IMPACT to test these security measures and programs is one of the easiest things you can do to comply with and validate multiple PCI requirements. IMPACT enables you to run regular, controlled and safe data breach attempts against your security infrastructure, while testing your end users against social engineering attacks. As a result, you can quickly and easily demonstrate whether your security defenses and response plans are in place and working properly as mandated by the PCI Standard.
Please review the resources below for more information about security testing and PCI compliance:
Documents
PCI DSS Requirement 11.3 addresses penetration testing, which is different from the external and internal vulnerability assessments required by PCI DSS Requirement 11.2. View this document from the PCI Security Standards Council to learn more about this subject and other clarifications concerning Requirement 11.3.
This document is intended to help you justify the purchase of CORE IMPACT to assist with PCI compliance initiatives. While CORE IMPACT provides a comprehensive approach to testing your overall information security posture, this document focuses on the product’s ability to validate and prove the compliance of multiple security measures and policies mandated by the PCI Standard.
Get a high-level overview of CORE IMPACT and its Rapid Penetration Test (RPT) methodology, which allows you to quickly test the effectiveness of multiple PCI-mandated security measures.
Learn how CORE IMPACT addresses specific requirements under the PCI Standard.
Visit this page for examples of CORE IMPACT’s reporting capabilities. IMPACT provides full audit trails of all tests performed, giving you the information you need to validate that PCI-mandated security measures are in place and working effectively.
Learn how these organizations are using CORE IMPACT to comply with the PCI Standard.
Presentations
Join PCI Council general manager Bob Russo for an overview of the PCI DSS, recent modifications to the Standard, and clarifications on the penetration testing requirement.
- On-Demand Webcast – "Security Testing: The Easiest Part of PCI Certification" (18MB; may take 2-3 minutes to load)
Learn about one of the easiest things you can do to comply with and validate multiple PCI requirements.
Learn how convergence and consolidation efforts prompted lastminute.com to seek additional methods to secure customer credit card information under the PCI Standard.
Related Links
Visit the PCI Security Standards Council website for PDFs of the PCI Standard, the PCI DSS Self-Assessment Questionnaire, the PCI DSS Audit Procedures, and other PCI-related documents.
- Visa Cardholder Security Program
- MasterCard Site Data Protection Program
- American Express Data Security Program
Visit the major payment card company websites to learn more about what you need to do to validate and report your compliance with the PCI Standard.
QSAs perform the annual PCI audits required for Level 1 merchants and Level 1 and 2 service providers. Core Security is a QSA (contact us for more information). CORE IMPACT prepares you for PCI audits by validating that mandated security measures are in place and working properly – and by generating a variety of PCI-compliant reports.
ASVs can perform the quarterly network scans required for all levels of merchants and service providers. Core Security is an ASV (contact us for more information). CORE IMPACT works with leading scanners by identifying which of the vulnerabilities they find pose actual threats to your cardholder data – an essential part of any PCI-compliant vulnerability management program.