Security Compliance: OSSEC for PCI DSS v3.2

Take a look

OSSEC for PCI DSS Guide

Take a lookCheck this list that describes how OSSEC helps with the specific requirements for PCI DSS compliance.

Get in compliance

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

WAZUH implements best-of-breed technical solutions to help companies comply with PCI DSS security controls. It uses a custom IDS ruleset (both for OSSEC and Snort) to detect attacks that could compromise credit card-related data. As well, WAZUH implements best of breed File Integrity Monitoring (FIM) and log management systems.

Ensuring that you are compliant with PCI DSS avoids costly security breaches that can include 100% of responsibility for cardholder losses, brand fines and forensic investigations expenses.

Security controls overview

Security Control Requirements Solutions
Build and Maintain a Secure Network and Systems Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
IDS + Vulnerability Scanner
Policy Enforcement
Protect Cardholder Data Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
SIEM + Vulnerability Scanner
NIDS + HIDS
Maintain a Vulnerability Management Program Protect all systems against malware and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Antivirus + HIDS
Policy Enforcement + Vulnerability Scanner
Implement Strong Access Control Measures Restrict access to cardholder data by business need to know
Identify and authenticate access to system components
Restrict physical access to cardholder data
File Integrity Monitoring
Policy Enforcement
SIEM + Log Management
Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
File Integrity Monitoring + Log Management
Vulnerability Scanner
Maintain an Information Security Policy Maintain a policy that addresses information security for all personnel Policy Enforcement

PCI DSS use case: OSSEC HIDS

Using OSSEC HIDS to become PCI DSS compliant

OSSEC HIDS (Host Intrusion Detection System) provides some of the necessary capabilities to become PCI DSS 3.0 compliant, including file integrity monitoring, intrusion detection, policy enforcement, log messages centralization and alerting, automatically triggering active response rules when necessary. This features, combined with its scalability and multi-platform support makes it a powerful tool to meet the technical compliance requirements.

Some other interesting perks of using OSSEC HIDS are:

  • Integrates well with other solutions like SIEMs or Log Management systems.
  • Highly customizable, easy to add or modify functionality.
  • Can be deployed using software management systems like Chef, Puppet or CFEngine.

As well, OSSEC is easy to deploy in cloud environments (e.g. Amazon AWS) and virtualization platforms. It is a great complement to other security technologies such as Antivirus or NIDS systems, helping detect attacks that otherwise would have been not noticed.

OSSEC helps with the following PCI DSS 3.0 requirements

  • 6.4 Follow change control processes and procedures for all changes to system components.
  • 10.5 Secure audit trails so they cannot be altered. Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.
  • 10.6 Review logs and security events for all system components to identify anomalies or suspicious activity.
  • 11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network.
  • 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
  • 12.10 Implement an incident response plan. Be prepared to respond immediately to a system breach.