DO YOU NEED TO DEMONSTRATE PCI COMPLIANCE?

PCI COMPLIANCE PLACES STRICT STANDARDS ON ORGANIZATIONS THAT COLLECT, PROCESS AND TRANSMIT CARDHOLDER DATA.
Despite the potential for multi-million-dollar fines for non-compliance, many
organizations struggle to meet PCI standards. Much of this problem can be
attributed to a lack of visibility into how internal users (employees and
vendors) handle cardholder data.
ObserveIT can help any organization satisfy its PCI
requirements within minutes. With detailed logs and visual
recordings of all user activity – on any server, workstation
or application – ObserveIT exceeds the strictest
interpretation of PCI requirements with conclusive
evidence for compliance auditors. With ObserveIT, audit
reports can be completed in a fraction of the time, with the
ability to instantly search, analyze and view video-like
playback of any session.
REQUIREMENT 6
DEVELOP AND MAINTAIN SECURE SYSTEMS AND APPLICATIONS
ObserveIT monitors and records all user activity on company computers, and generates
a comprehensive, searchable audit log tied to video recordings of every user action.
With ObserveIT, every application automatically has a compliance audit log component,
regardless of the application’s origin. ObserveIT also offers the flexibility to deploy new
and updated applications at any time, without the need to deploy new audit protocols.
REQUIREMENT 8
ASSIGN UNIQUE ID TO EACH PERSON WITH COMPUTER ACCESS
ObserveIT requires individual credentials to log onto a server or network, even when
using a shared account (such as “administrator” or “root”), ensuring that every action will
be recorded and attributed to an individual user. All visual and textual metadata logs are
tied to the specific user, providing unparalleled visibility into who is doing what and when.
REQUIREMENT 10
MONITOR ACCESS TO NETWORK RESOURCES AND CARDHOLDER DATA
ObserveIT offers a feature that identifies individual users logging in to servers using
generic ‘administrator’ or other shared accounts. When logging into a server using a
shared-user account, ObserveIT presents a secondary identification window, where that
user must sign in with their second set of credentials in order to access the server. Video
recordings and activity logs are then tied to that specific user.
ObserveIT provides an unequivocal audit trail of user activity, along with bulletproof
evidence as to who did what on which servers. This dramatically eases root cause and
forensic analysis. The system’s advanced keyword search makes it easy to discover
specific user actions based on application name, user name, window title, text
typed/pasted and more.
REQUIREMENT 12
MAINTAIN POLICY THAT ADDRESSES IT SECURITY FOR ALL PERSONNEL
ObserveIT offers a ‘just-in-time policy messaging’ feature that delivers important
messages and updates about corporate policies generally, or for specific applications and
servers. This ensures that all users have been informed of, and have agreed to, the
relevant security policies and procedures before logging on. This feature can also deliver
critical information to remote users each time they log on.
www.observeit.com