Bardon Data Systems Software Products and PCI Security Standards
Bardon Data Systems
The PCI Security Standards Council is an independent body formed to develop, enhance, disseminate and assist with the implementation of security standards for payment account security. Compliance is necessary for merchants, processors, and POS providers who process and transmit electronic payments. The PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. The website for the PCI Security Standards Council is at https://www.pcisecuritystandards.org/tech/index.htm.
How Bardon's Software Products Address PCI Security Standards
Below are the PCI security standards that must be followed by all relevant businesses, and information on how Bardon Data Systems software products WinU, Full Control, and Full Control Internet can help companies address these requirements.
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Firewall capabilities are included with all recent business versions of Windows. Bardon's software products are designed to integrate well with such offerings.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Bardon's software products provide multiple layers of administrator-designatable password protection and can even password-protect individual programs, if desired. Bardon's software products can be set up to require a separate password to access the Windows interface, administration, and technical features beneath the POS application.
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Bardon's software products offer File Control, Window Control, Allowed Programs and other security components to protect data stored on the computer, as well as protecting data stored elsewhere that is merely accessed through that computer.
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Bardon's software products protect against inappropriate access of data on the local computer, and are designed to be compatible with products that oversee the transmission of data across networks.
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Anti-virus products are broadly available from a number of well-established vendors. Bardon's software products are designed to be compatible with all major anti-virus offerings.
Requirement 6: Develop and maintain secure systems and applications
Bardon's software products can provide a solid security layer under any Windows application. They offer many layers of protection including File Control, Window Control, and Allowed Programs to protect data stored on the computer, as well as protecting data stored elsewhere that is merely accessed through that computer. They can limit access to certain users by many means.
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Bardon's software products restrict access to those with correct passwords, and by other means, as needed. They harden the operating system so that even systems with weak logon ID capabilities can address this requirement. After logon, they monitor all activity in real-time to track who is using what program, and create logs of system activity that can be set to a highly detailed level, down to tracking individual keystrokes for each user if desired.
Requirement 8: Assign a unique ID to each person with computer access
This is generally accomplished with a logon ID. Bardon's software products harden the operating system so that even systems with weak logon ID capabilities can address this requirement. After logon, they monitor all activity in real-time to track who is using what program.
Requirement 9: Restrict physical access to cardholder data
Bardon's software products restrict computer access to those with appropriate access credentials, even on operating systems that cannot do this inherently. It is also important to limit physical access, for example by keeping important disk drives and tape backups securely under lock and key.
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Bardon's software products can be configured to log all "allowed" access to cardholder data, and to forbid other access.
Requirement 11: Regularly test security systems and processes
By offering a solid and testable security layer, Bardon's software products can assist in this staff procedural requirement.
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Bardon's software products can be an integral component in addressing information security. Their comprehensive features can log and monitor all program usage, prevent unauthorized access, and lock down the system so only allowed processes can take place. Significant administrative tools allow administrators to oversee and monitor the usage of multiple systems.
Stringent PCI Requirements
The PCI Security Council is explicit about the standards necessary for payment account security. Though the anti-virus, firewall, and encryption requirements can be readily addressed through a variety of industry-standard offerings (free open-source products, options included with Windows, and other solutions), the remaining PCI requirements can prove to be problematic. Bardon's software products address the many parts of the PCI workstation security requirements that cannot be handled by these other offerings. They harden the Windows computer to a level equal to or exceeding the standards specified by the PCI Security Council.
The PCI security standards present unique challenges to system administrators who must incorporate them into a larger IT infrastructure. Bardon's products WinU, Full Control, and Full Control Internet provide practical tools to address PCI security requirements in your Windows computers.