The Payment Card Industry Data Security Standard (PCI DSS) specifies best practices and security controls needed to keep credit card data safe and secure during transit, processing, and storage. Mainly, organizations must:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong security measures
  • Test and monitor networks on a regular basis
  • Maintain an information security policy

Recently, our Wazuh Cloud platform has been validated as PCI DSS Level 1 Service Provider compliant. The validation was provided by a QSA (Qualified Security Assessor) firm qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.

The Attestation of Compliance (AoC) serves as evidence for our customers that Wazuh Cloud is compliant with the PCI DSS v3.2.1 security standard. This AoC is effective as of November 3, 2019.

Quick overview of PCI DSS

Launched by five global payment brands (American Express, Discover, MasterCard, Visa, and JCB), Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. The standard includes 12 requirements:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data to business on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

Read more about the requirements in PCI Security Standards.

Benefits of being PCI DSS compliant

The top benefits that you can expect when an organization achieves PCI DSS compliance are:

  1. Reducing security risks: PCI DSS is a way to improve security by preventing attacks and protecting customer data.
  2. Adhering to security standards: PCI DSS is a set of standards accepted globally. The requirements are clearly defined and auditable.
  3. Trusted service: Our customers can leverage their deployment to our cloud infrastructure knowing that we are compliant with all the PCI requirements. Being compliant is not only ticking boxes but rather a way to improve security for the benefit of the business and its customers.

In summary, PCI DSS is often considered as a good indicator of the ability of an organization to secure any type of sensitive data, even when the service is not processing, storing or transmitting credit card data.

Conclusion

Our main priority at Wazuh is keeping our customers safe. Extensive resources are dedicated to this purpose, and PCI DSS is just the beginning. We are in the process of new security certifications like SOC2. Reach out to us for more information.