PixAlert’s PCI Automated SCOPE Assessment

Reduce PCI DSS Scope, Increase Certification Success


Before an organisation can start to protect sensitive and valuable cardholder data (CHD), it must first locate where CHD is stored across its entire data environment.

PixAlert’s PCI Automated SCOPE Assessment provides a fully automated mechanism to find where CHD is stored on any part of the corporate network.  This helps organisations understand the scope and scale of their CHD exposures across their enterprise while creating the necessary groundwork for successful PCI DSS certification.

Enabling Organisations To:


●    Identify where CHD exists
●    Quickly assess PCI DSS scope (as outlined on pages 10-13 of PCI Security Standard Council)
●    Increase CHD audit success rate
●    Improve compliance activity in a structured and continuous process
●    Define an Incident Response Strategy to the mismanagement of CHD
●    Measure Security Policy effectiveness and uptake
●    Measure User Acceptance of existing controls and policies

Benefits To Business:

►    Achieve PCI DSS certification faster
►    Maintain and ensure an easier path to PCI DSS re-certification
►    Realise a greater ROI through improved resource efficiencies
►    Reduce CHD loss/leakage incident rate
►    Manage risk through continuous PCI capability assessment
►    Improve customer security – protect corporate revenue

Preparing For Compliance:

AUDIT

  • Through a comprehensive scan of all network-wide resources (file servers, mail servers, desktops, laptops), an organisation can efficiently discover and identify where CHD components (both structured and semi-structured card details) are stored on their network.
  • PixAlert’s PCI Automated SCOPE Assessments are non-intrusive to existing IT processes and follow a well-defined, proven process.
  • Intelligent and actionable reporting will provide users with visibility and control over the extent of their CHD components (both in and out of the scope environment).
  • By identifying vulnerabilities, the assessment enables an organisation to take proactive, corrective action through the implementation of proper controls and updated risk assessments.

RE-AUDIT

  • Regular audits help to demonstrate that PCI DSS compliance is being continuously monitored and maintained, through automated scans and reporting structures which ensure that security measures and compliance standards are consistently upheld.

 

Customer Experience:

CLIENT:

National UK Banking Network - 'Seeking a Solution To Determine What Card Holder Data Exists Within Out-Of-Scope PCI Environment'

REQUIREMENT:

A national UK Banking Network working towards PCI DSS certification required a solution to accurately determine their PCI DSS scope by identifying all locations and flows of cardholder data (CHD) within and outside the scope of their data environment. The bank specifically requested a methodology to verify and prove, both at time of audit and on an ongoing basis, that no CHD existed in their out-of-scope environment.

SOLUTION:

PixAlert’s PCI Automated SCOPE Assessment

PROCESS:

A comprehensive, non-intrusive audit of all network resources (file servers, email servers, desktops and laptops) enabled the bank to discover and identify the existence of all cardholder data stored across their network, and in particular CHD stored in their out-of-scope environment.

OUTCOME:

The audit analysis revealed that 49% of targeted resources contained CHD, many of which were in the bank’s out-of-scope data environment, and identified email exposure risk as ‘very high’. This information enabled the bank to take corrective action in remediating their CHD and, for the purposes of PCI DSS assessment, to ensure that their data was correctly secured within their in-scope environment.

CONCLUSION:

PixAlert’s PCI Automated SCOPE Assessment provided the bank with visibility and actionable intelligence over the extent of their data exposure and specifically identified sources of vulnerability.  It enabled the bank to take proactive control to manage their CHD risk while achieving PCI DSS certification. As a result of their initial audit, the bank has chosen to implement PixAlert’s PCI Automated SCOPE Assessment to achieve re-certification and maintain PCI DSS security continuously through regular re-audits and reporting.

See PixAlert’s key enabling toolset capabilities for PCI DSS Compliance, contact PixAlert or read PixAlert’s PCI DSS Positioning White Paper

Sample Data Report

Description Analysis

Count              Severity
7443 (88.33%)      1 or 2 Cards
495 (5.87%)        3 to 10 Cards
410 (4.87%)        11 - 100 Cards
61 (0.72%)         Between 1000 and 10000 Cards
17 (0.20%)         100+ Cards