SWAT, brought to you by Secure Computing Corporation
                                     


The Payment Card Industry Data Security Standard (PCI DSS) was developed by major credit card companies like MasterCard and Visa to increase consumer confidence in using credit cards for electronic payment. The standard applies to all merchants, financial institutions, service providers, and others that use, store, process, or transmit payment cardholder data. It ensures that these organizations take due care and diligence to prevent credit card fraud, identity theft, and hacking, and addresses many other security issues as well. The standard has 12 requirements designed to ensure the confidentiality and integrity of customer information.


Wrap Your Arms Around This

Secure Computing has the integrated and secure product solutions to get your arms wrapped around this new standard. What's more, you'll find these solutions will also help with compliance requirements common to many other security regulations. Refine your data protection now so you can increase consumer confidence in using credit cards, while also preparing your organization to pass upcoming audits and avoid costly penalties.


Highlights

   

New White Paper!


LOCK DOWN APPLICATIONS
For PCI Compliance
Start at the network perimeter with solid network and application-layer firewalls.

PCI DSS LEADERSHIP
Secure Computing is a member of the PCI Security Standards Council




Embracing PCI—Making it work for you

Increase consumer confidence in using credit cards, avoid costly penalties, and prepare for upcoming audits.


Use this home page to navigate to resources available here, on the Internet, and on the main Secure Computing Web site.



Secure Computing® delivers a broad range of technologies to get your arms wrapped around PCI DSS with confidence. These products are packaged in our integrated Identity and Access Management, Messaging, and Network Gateway security products: Secure SafeWord®, Secure Mail (IronMail), Secure Web (Webwasher), Secure Firewall (Sidewinder) and Secure SnapGear®.


High-level mapping between PCI DSS and Secure Computing products*


Secure Computing Product Areas

PCI DSS Requirements                          | Identity & Access | Messaging Gateways | Network Gateway
----------------------------------------------|-------------------|--------------------|----------------
Build and Maintain a Secure Network           |                   |                    |
  1 Firewall                                  |                   |                    | ✓
  2 Unique Passwords                          | ✓                 |                    | ✓
Protect Cardholder Data                       |                   |                    |
  3 Protect stored data                       | ✓                 |                    |
  4 Encryption                                |                   | ✓                  | ✓
Maintain a Vulnerability Management Program   |                   |                    |
  5 Anti-virus                                |                   | ✓                  | ✓
  6 Secure systems and applications           |                   | ✓                  | ✓
Implement Strong Access Control Measures      |                   |                    |
  7 Restrict data access                      | ✓                 |                    | ✓
  8 Unique computer IDs                       | ✓                 |                    |
  9 Restrict access to cardholder data        | ✓                 |                    |
Regularly Monitor and Test Networks           |                   |                    |
  10 Track data access across networks        | ✓                 |                    | ✓
  11 Test security                            |                   |                    | ✓
Maintain an Information Security Policy       |                   |                    |
  12 Security policies                        | ✓                 |                    |


*Each of the 12 requirements represents several sub-requirements. Checkmarks represent mapping with one or more sub-requirements.



White papers

Lock Down Applications for PCI DSS Compliance
Network and application-layer firewalls drive compliance with the Payment Card Industry's Data Security Standard. Written by Ziff Davis Enterprise, this white paper tells how businesses can wrestle their data centers and networks into PCI DSS compliance. Download this white paper to learn about the requirements and solid strategies your company can implement now. You'll discover that the best place to start is at the network perimeter, with solid network and application-layer firewalls to keep unauthorized traffic out.


Embracing PCI—Making it work for you
With the recent rise in data breaches and identity thefts, implementing a sound information security program is no longer optional. Companies processing credit card information are encouraged to embrace and implement sound data protection strategies to protect the confidentiality and integrity of payment information. Some of the challenges for achieving PCI compliance are outlined in this white paper, as well as successful tips to help organizations navigate through them. Although challenges exist, organizations should remain encouraged and focused, because the benefits are many.


Meeting and Exceeding PCI 1.1 Compliance Today
The primary purpose of this standard is to protect credit card data by reducing fraud and theft. The PCI standard seeks to accomplish this through a "defense-in-depth" strategy. There are six primary areas covered by PCI, divided into 12 requirements. This paper discusses these requirements, and how Secure Computing's portfolio of security solutions can help enterprises meet and exceed the basic compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS), version 1.1.


Podcast
8-minute podcast: Lock Down on Applications for PCI DSS Compliance


Secure PCI Blog
Read the official Secure PCI Blog to find out what is happening in the world of PCI DSS.


Solutions Data Sheet
PCI Security Solutions


Customer Case Study
Plexus Systems


PCI DSS Requirements
Download document


More Resources
PCI Security Standards Council
PCI on Wikipedia
Visa CISP/PCI
Mastercard's SDP/PCI
PCI DSS Compliance Demystified


Latest Research on Threats



Secure Computing is pleased to offer additional PCI services through our network of valued partners.


FishNet Security, Inc.

Through the use of strategic methods that only a risk management firm can offer, FishNet Security offers far more than the typical "checklist audit" firm. Instead, our consultants utilize a time-tested, adaptable and scalable PCI methodology, and can execute on the following PCI offerings:

  • Readiness Review
  • Pre-engagement Scoping
  • System Inventory & Discovery
  • Cardholder Data Flow Discovery
  • Gap Analysis
  • Remediation
  • Onsite Assessment & Certification
  • Payment Application Assessment & Certification
  • ASV Vulnerability Scanning

FishNet Security holds QSA, ASV, and QPASC PCI certifications.


More information can be found at www.fishnetsecurity.com/PCI


Accudata Systems, Inc.

Accudata Systems is an IT consulting and integration firm with more than twenty-six years of experience providing high impact IT services and integrated solutions. As an approved QSA with experienced PCI consultants, Accudata Systems is qualified to provide clients with:

  • Annual on-site PCI DSS assessments
  • Pre-PCI audits and remediation services
  • Assistance with the completion of the Self-assessment Questionnaire
  • Consultation on payment processes and architectural design

Accudata Systems holds QSA certification.


More information can be found at www.accudatasystems.com/Sol_PCI.htm


SynerComm, Inc.

SynerComm's PLANsmart Security Audit, Security Posture Assessment, Penetration Testing, and Risk Assessment services are designed to provide visibility into the current security posture of your key business processes and the security threats to your environment so your organization can effectively identify and manage risks. Our current offerings include:

  • PCI DSS readiness assessment
  • Annual FFIEC Independent Audit
  • Application specific assessments (E-commerce and IP Telephony)
  • Email and Web Classified Data Leakage Assessments

More information can be found at www.synercomm.com


Aurora Enterprises

Since 1990, security-conscious companies have turned to Aurora. Our team of experts helps our clients conquer the complex challenges of securing and encrypting critical data. With clients throughout the US, from governments to small and large businesses, Aurora has a proven history of protecting corporate and government informational assets.


Our PCI DSS implementation and compliance services can assess the needs of a company and implement the software, hardware and procedures required to achieve PCI compliance.


More information can be found at www.auroraent.com or www.auroraent.com/faqs.html


Accuvant

Accuvant offers a wide variety of PCI services including:

  • PCI Gap Analysis - identify PCI gaps and offer solutions to common PCI compliance shortfalls
  • Annual On-Site PCI Data Security Assessment - provide on-site data security assessments
  • Payment Application Security Assessment - provide an on-site application security assessment
  • Policy/Standards Development and Technology Services - provide end-to-end remediation solutions, from assisting in process and policy development to integration of security technologies
  • Compliance Program Development - develop integrated compliance programs that map to PCI requirements
  • PCI Quarterly Network Scan - provide quarterly vulnerability scans and reporting required for compliance
  • PCI Portal Suite - online, searchable knowledgebase of PCI information

Accuvant holds QPASC, QSA and ASV certifications.


More information can be found at www.accuvant.com/compliance/compliance_pci.html


Performance Network Solutions

Performance's Security Services offer the end user a full and in-depth security analysis. We are certified in every Secure Computing product and have experience deploying both hardware and software devices. We can help you become PCI compliant.


Our current offerings include:

  • External Vulnerability Assessment
  • Internal Vulnerability Assessment
  • Penetration Testing
  • System Activity Review
  • Wireless Security Survey
  • War Dialing
  • Intrusion Detection Assessment
  • Business Impact Assessment
  • Social Engineering
  • Risk Analysis

Performance Network Solutions works with ISO 17799 Accredited Lead Auditors. This is the best practice standard for IT risk management and compliance.


More information can be found at www.PerformanceNS.com/PCI.asp

EOS Payment Solutions Uses Secure Firewall for PCI Compliance

Podcast with Ziff Davis

Webcast with IDC

Webcast with Network World

Products and Technologies to Meet PCI Requirements


Secure Firewall
Satisfy both PCI requirements, for network and application firewalls, with just one firewall


Secure SnapGear
Cost-effective VPN security for retail stores, franchises, or any point-of-sale deployment


Secure SafeWord®
Strong authentication for remote and admin access to in-scope PCI systems


Secure Mail
Automatically discover and, based on policy, encrypt or block emails containing primary account numbers (PANs)


Secure Web
Prevent phishing and malware attacks targeting PANs and user data


TrustedSource
The world's leading reputation security system