PCI DSS Section 8 Compliance

PCI DSS Section 8 Compliance

Ecommerce is one of the most widely used forms of shopping today. The ease of putting your credit card information into a website makes any sort of shopping a breeze. While easy, however, online credit transactions come with a significant amount of risk. If improperly handled, sensitive credit card information can fall into the wrong hands, meaning potential financial disaster for whoever’s information is compromised. Thankfully, the Payment Card Industry Data Security Standard (PCI DSS) was put in place to provide security for credit transactions. Let’s explore PCI DSS together, specifically PCI DSS Section 8 compliance.

What is PCI DSS Section 8 Compliance?

security checklist

PCI DSS Section 8 dictates that, in order to be compliant, companies that deal with sensitive online credit card information must have authorized identities in charge of their cardholder information. In practice, employees that need to access this data must go into a Cardholder Data Environment (CDE) network, which generally requires user credentials coupled with a multi-factor authentication (MFA) token for authorization. To do so, IT organizations need strong identity management.

While strong identity management certainly seems like a given, sometimes it can slip through the cracks. The weight of such a misstep falls on the shoulders of IT admins. Maintaining a directory of secure user identities is a path to PCI DSS Section 8 compliance. Admins also need to enforce strong credentials, add MFA to critical logins, and build the right processes to ensure that all user identities are up-to-date.

An ideal directory service would not only be able to implement these policies, but also be able to do so regardless of platform, protocol, provider, or location. JumpCloud® Directory-as-a-Service® (DaaS) can do just that. Directory-as-a-Service is a cloud directory service for the modern era. Based around an endpoint-centric mindset, DaaS creates hyper-secure user identities in an easy-to-use platform that is capable of being accessed anywhere via the cloud.

JumpCloud & PCI DSS Section 8 Compliance

Section 8 compliance

In their whitepaper on PCI DSS Section 8, compliance analyst firm, Coalfire Systems, investigated JumpCloud Directory-as-a-Service in regards to Section 8 compliance (they also looked at applicability (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/pci-dss-section-8-compliance/

Zach DeMeyer

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 129 posts and counting.See all posts by zach-demeyer