For any company involved with online credit card transactions, the Payment Card Industry Data Security Standard (PCI DSS) audit is the IT admin’s annual hurdle. In order to be compliant, sysadmins need to make sure their networks are up to snuff. So, when approaching your PCI day (or weeks/months in reality) of reckoning, consider preparing for your PCI DSS audit by leveraging JumpCloud® Directory-as-a-Service® for some of your PCI Section 8 and 10 needs.
Coalfire’s Take on JumpCloud for PCI Compliance
In a recent white paper, the widely respected PCI compliance assessor Coalfire Systems evaluated JumpCloud’s usefulness with regard to PCI DSS compliance, as well as its overall effectiveness in supporting compliance activities (Coalfire also reviewed JumpCloud for HIPAA and GDPR compliance). Coalfire’s assessment consisted of six main tasks.
- A technical overview of the JumpCloud Directory-as-a-Service platform as a whole.
- A review of the installation of the JumpCloud Agent on each of the three major operating systems (Windows®, macOS®, and Linux®).
- An assessment of JumpCloud’s authentication functionality.
- An assessment of the same functionality with regard to PCI standards.
- An exploration of JumpCloud’s event logging API with regard to PCI standards.
- A comparison of JumpCloud password management against PCI standards.
Before we explore Coalfire’s results, let’s look into what PCI requires for Requirement 8 and 10 compliance.
PCI DSS Requirements
During its assessment process, Coalfire mainly tested the JumpCloud Directory-as-a-Service platform against PCI DSS Requirements 8 & 10. At its core, PCI DSS Requirement 8 is all about ensuring the right users are securely accessing critical IT resources – mainly systems. This is generally the underlying goal of a directory service such as JumpCloud, but with the complexity of the modern IT scene, maintaining a secure, unified user identity is harder than it seems.
PCI Requirement 10 is all about monitoring the flow of company information, most importantly regarding credit card and other financial information. Having the ability to see a repository of logged events is crucial in doing so. Thankfully, JumpCloud has a built-in event logging API feature, which (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/preparing-for-your-pci-dss-audit-with-jumpcloud/