Security Compliance: OSSEC for PCI DSS v3.2
Take a look
OSSEC for PCI DSS GuideTake a look
Check this list that describes how OSSEC helps with the specific requirements for PCI DSS compliance.
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
WAZUH implements best-of-breed technical solutions to help companies comply with PCI DSS security controls. It uses a custom IDS ruleset (both for OSSEC and Snort) to detect attacks that could compromise credit card-related data. As well, WAZUH implements best of breed File Integrity Monitoring (FIM) and log management systems.
Ensuring that you are compliant with PCI DSS avoids costly security breaches that can include 100% of responsibility for cardholder losses, brand fines and forensic investigations expenses.
Security controls overview
|￼Build and Maintain a Secure Network and Systems
||Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
|IDS + Vulnerability Scanner
|Protect Cardholder Data
||Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
|SIEM + Vulnerability Scanner
NIDS + HIDS
|￼￼Maintain a Vulnerability Management Program
||Protect all systems against malware and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
|Antivirus + HIDS
Policy Enforcement + Vulnerability Scanner
|Implement Strong Access Control Measures
||Restrict access to cardholder data by business need to know
Identify and authenticate access to system components
Restrict physical access to cardholder data
|File Integrity Monitoring
SIEM + Log Management
|Regularly Monitor and Test Networks
||Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
|File Integrity Monitoring + Log Management
|￼￼￼Maintain an Information Security Policy
||Maintain a policy that addresses information security for all personnel
PCI DSS use case: OSSEC HIDS
Using OSSEC HIDS to become PCI DSS compliant
OSSEC HIDS (Host Intrusion Detection System) provides some of the necessary capabilities to become PCI DSS 3.0 compliant, including file integrity monitoring, intrusion detection, policy enforcement, log messages centralization and alerting, automatically triggering active response rules when necessary. This features, combined with its scalability and multi-platform support makes it a powerful tool to meet the technical compliance requirements.
Some other interesting perks of using OSSEC HIDS are:
- Integrates well with other solutions like SIEMs or Log Management systems.
- Highly customizable, easy to add or modify functionality.
- Can be deployed using software management systems like Chef, Puppet or CFEngine.
As well, OSSEC is easy to deploy in cloud environments (e.g. Amazon AWS) and virtualization platforms. It is a great complement to other security technologies such as Antivirus or NIDS systems, helping detect attacks that otherwise would have been not noticed.
OSSEC helps with the following PCI DSS 3.0 requirements
6.4 Follow change control processes and procedures for all changes to system components.
10.5 Secure audit trails so they cannot be altered. Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.
10.6 Review logs and security events for all system components to identify anomalies or suspicious activity.
11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network.
11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
12.10 Implement an incident response plan. Be prepared to respond immediately to a system breach.