PCI
DO YOU
NEED TO
DEMONSTRATE
PCI
COMPLIANCE?
PCI COMPLIANCE PLACES STRICT
STANDARDS ON ORGANIZATIONS THAT
COLLECT, PROCESS AND TRANSMIT
CARDHOLDER DATA.
D
espite the potential for multi-million-dollar ﬁnes for non-compliance, many
organizations struggle to meet PCI standards. Much of this problem can be
attributed to a lack of visibility into how internal users (employees and
vendors) handle cardholder data.
ObserveIT can help any organization satisfy its PCI
requirements within minutes. With detailed logs and visual
recordings of all user activity – on any server, workstation
or application – ObserveIT exceeds the strictest
interpretation of PCI requirements with conclusive
evidence for compliance auditors. With ObserveIT, audit
reports can be completed in a fraction of the time, with the
ability to instantly search, analyze and view video-like
playback of any session.
REQUIREMENT 6
DEVELOP AND MAINTAIN SECURE
SYSTEMS AND APPLICATIONS
ObserveIT monitors and records all user activity on company computers, and generates
a comprehensive, searchable audit log tied to video recordings of every user action.
With ObserveIT, every application automatically has a compliance audit log component,
regardless of the application’s origin. ObserveIT also oﬀers the ﬂexibility to deploy new
and updated applications at any time, without the need to deploy new audit protocols.
REQUIREMENT 8
ASSIGN UNIQUE ID TO EACH PERSON
WITH COMPUTER ACCESS
ObserveIT requires individual credentials to log onto a server or network, even when
using a shared account (such as “administrator” or “root”), ensuring that every action will
be recorded and attributed an individual user. All visual and textual metadata logs are
tied to the speciﬁc user, providing unparalleled visibility into who is doing what and when.
REQUIREMENT 10
MONITOR ACCESS TO NETWORK
RESOURCES AND CARDHOLDER DATA
ObserveIT oﬀers a feature that identiﬁes individual users logging in to servers using
generic ‘administrator’ or other shared accounts. When logging into a server using a
shared-user account, ObserveIT presents a secondary identiﬁcation window, where that
user must sign in with their second set of credentials in order to access the server. Video
recordings and activity logs are then tied to that speciﬁc user.
ObserveIT provides an unequivocal audit trail of user activity, along with bulletproof
evidence as to who did what on which servers. This dramatically eases root cause and
forensic analysis. The system’s advanced keyword search makes it easy to discover
speciﬁc user actions based on application name, user name, window title, text
typed/pasted and more.
REQUIREMENT 12
MAINTAIN POLICY THAT ADDRESSES IT
SECURITY FOR ALL PERSONNEL
ObserveIT oﬀers a ‘just-in-time policy messaging’ feature that delivers important
messages and updates about corporate policies generally, or for speciﬁc applications and
servers. This ensures that all users have been informed of, and have agreed to, the
relevant security policies and procedures before logging on. This feature can also deliver
critical information to remote users each time they log on.
www.observeit.com