Solutions for PCI DSS
Assess and Monitor PCI Compliance
PCI security standards impact virtually every organization involved with credit card processing, including merchants, financial institutions, point-of-sale vendors and hardware/software developers involved in processing payments. Because payment card information is one of the most appealing targets for attackers, protecting payment card transactions and cardholder data (CHD) is crucial.
Potential impact of a credit card breach:
- Lost confidence, so customers go to other merchants
- Legal costs, settlements and judgments
- Diminished sales
- Fines and penalties
- Cost of reissuing new payment cards
- Termination of ability to accept payment cards
- Fraud losses
- Lost jobs (CISO, CIO, CEO and dependent professional positions)
- Higher subsequent costs of compliance
- Going out of business
Maintaining compliance continues to be a challenge for organizations. Nearly half (47.5%) of the organizations assessed for interim PCI DSS compliance validation had not maintained all DSS controls.
2018 Payment Security Report, Verizon.
Benefits of The Solution
Covers virtually all in-scope assets in cardholder data environments, including servers, databases, web applications and network devices.
Streamline Compliance Documentation
Simplifies the work of documenting compliance status with out-of-box scan and report templates.
Accelerates security risk assessment to quickly identify and prioritize vulnerabilities and misconfigurations.
Eliminate internal hosting and administration costs with Tenable.io, hosted in the cloud.
The Tenable solution starts with a foundation of Tenable.sc or Tenable.io, and then builds on the foundation by adding Tenable.io PCI ASV and Tenable.io Web Application Scanning, as needs require.
(PCI DSS 2.2)
(PCI DSS 6.1)
(PCI DSS 6.2)
(PCI DSS 6.6)
(PCI DSS 11.2.1)
(PCI DSS 11.2.2)
Tenable.sc(™), the on-premises Cyber Exposure platform, evaluates vulnerability and configuration data across the cardholder data environment. Prioritize security risks and provide clear insight into PCI DSS compliance.
This comprehensive PCI DSS solution provides the continuous visibility, critical context and actionable intelligence service providers and merchants need to monitor PCI technical controls, year-round.
- Automate host activity data collection and review. Identify threats to cardholder data in near real-time.
- Maintain compliance between assessments.
- Measure and communicate your PCI compliance program status with all stakeholders.
Tenable.io®, the cloud-based Cyber Exposure platform, helps protect cardholder data whether it is being captured by an ecommerce website, or stored on-premises or in the cloud.
Tenable.io and available applications address multiple PCI DSS compliance requirements to help organizations measure and manage cyber risk well beyond the assets that are in scope for PCI DSS. Tenable.io eliminates blind spots with the industry’s most comprehensive visibility into traditional and modern assets, such as cloud, mobile devices, containers and web applications.
- Identify and prioritize vulnerabilities and misconfigurations across modern assets.
- Integrate with ITSM solutions to streamline remediation workflows.
- Verify that patches have remediated vulnerabilities.
Tenable.io® PCI ASV, an add-on to Tenable.io®, streamlines verification of adherence with the PCI Data Security Standard 11.2.2 requirement for external vulnerability scanning.
Pre-configured scan templates and an efficient evidence/dispute resolution process let you quickly run scans, submit attestation requests and resolve disputes.
- Meet quarterly PCI ASV scanning requirements with minimal impact on staff resources.
- Scan your assets when convenient for your organization, and rescan as needed to obtain a result that is ready for review.
- Streamline the resolution process by batching disputes and reusing previously submitted dispute documentation.
Tenable.io® Web Application Scanning delivers safe and automated vulnerability scanning for your in-scope web applications.
Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.
- Understand application sitemaps and layouts to identify in-scope web applications.
- Scan HTML5 and single page applications, along with traditional HTML apps.
- Enable highly automated no-touch scans for continuous protection. Easily define the frequency of automated testing.