PCI DSS Compliance Solutions Data Sheet

Cut through the complexity of achieving PCI DSS compliance requirements.

What's the point of PCI DSS compliance requirements?

The Payment Card Industry (PCI) Security Standards Council (an organization formed by the card brands) created the PCI Data Security Standard (DSS) to ensure that businesses follow best practices for protecting their customers’ payment card information.

The same technologies that make everyday business efficient also make it easy for hackers to access sensitive information. That’s why a business taking “just a handful” of credit cards is no less obligated to protect that card data than the major retailer running thousands of transactions.

When fully and accurately implemented, the 12 requirements of the PCI DSS work together to provide your business with defense-in-depth; that is, multiple layers of security that make it much more difficult for an attacker to gain access to your customers’ payment card data. Studies have shown that cyber thieves and their automated tools most often seek out basic mistakes such as weak passwords, misconfigured technologies and uneducated employees. The PCI DSS addresses these and other areas of weakness to effectively shield your business.

PCI Compliance is a big deal for small merchants. We make it easy.

ControlScan recognizes that security and compliance go hand-in-hand. As a result, we offer a suite of security solutions that help you achieve PCI DSS compliance and improve your overall security posture. We also employ a team of security experts to provide guidance on your layered, security defense strategy and answer any questions that you may have.

The following table maps the PCI DSS requirements to the ControlScan security solution and/or service that can help you satisfy the requirement. We encourage you to contact our team of security and compliance experts if you have any questions about these services or how to achieve compliance.

PCI DSS 3.x Requirements
PCI Requirement Addressed
Solution/Service Needed to Satisfy
ControlScan PCI DSS Compliance Solutions that satisfy the requirements

Requirement 1:
Install and maintain a firewall configuration to protect cardholder data

1.1, 1.2, 1.3 and 1.5

Unified Threat Management Firewall

Unified Threat Management Firewall (UTM Firewall) provides continuous network monitoring and protection against outside threats, including intrusion detection and prevention. When in place, this solution can help you meet requirements 1.1, 1.2, 1.3 and 1.5.

Requirement 5:
Protect all systems against malware and regularly update anti-virus software or programs


Endpoint Detection and Response

Our Endpoint Detection and Response service includes traditional (signature-based) and next-generation (analytics-based) malware protection, with frequent updates and realtime lookup. This service can be used to satisfy requirement 5.

Requirement 10:
Track and monitor all access to network resources and cardholder data

10.5, 10.6, 10.7

Log Monitoring and Mangagement

Log Monitoring and Management (via the ControlScan Managed SIEM service) collects log and machine data for analysis. Information is correlated and reviewed to identify anomalies of suspicious activity on a continuous basis. The log monitoring service provides real time alerts on possible unauthorized access to the cardholder data environment and other critical systems. Collected data is archived within secure storage for later reference. This service helps meet requirements 10.5, 10.6, and 10.7.

Requirement 11:
Regularly test security systems and processes

11.1, 11.2, 11.3, 11.4, 11.5 and 11.6

Unified Threat Management Firewall with Secure Wi-Fi

Internal Vulnerability Scanning

External Vulnerability Scanning

Network and Application Penetration Testing

Network Segmentation

Network Intrusion Detection

File Integrity Monitoring

Our UTM Firewall with Secure Wi-Fi service is fully managed by our team of security experts. It protects your network against outside threats and provides a secure wireless network for your POS, back office and guests. This solution satisfies 11.1.

Internal Vulnerability Scanning identifies vulnerabilities within your internal systems so that you can harden them against attack. This solution satisfies requirement 11.2.1.

External Vulnerability Scanning checks for cross-site scripting, SQL injection, remote file inclusion and other application and network-based vulnerabilities. This solution satisfies requirement 11.2.2.

Network and Application Penetration Testing services simulate attacks against your critical information systems and applications. These services are delivered by our staff of veteran penetration testers. These services satisfy requirements 11.3, 11.3.1 and 11.3.2.

Applicable for those qualifying for SAQ C, Segmentation Validation is an alternative to a full penetration test that validates effective network segmentation. This solution is available to those utilizing the ControlScan UTM Firewall service and addresses requirement 11.3.4.

Network Intrusion Detection capabilities built into our UTM Firewall solution help to alert you of anomalous activity on your networks. This will help satisfy requirement 11.4.

File Integrity Monitoring (FIM) satisfies requirement 11.5, which requires file integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts. FIM is delivered via the ControlScan Managed SIEM service.

Requirement 12:
Maintain a policy that addresses information security for all personnel

12.1, 12.2, 12.3, 12.6, and 12.10

Policy Builder

IT Risk Assessment

Security Awareness Training

Security Consulting Services

Policy Builder provides you the opportunity to generate a baseline set of policies to help with PCI compliance. Policies required throughout the entire PCI DSS are available, including the Information Security Policy, Acceptable Use Policy, Security Awareness Training Policy and Incident Response Plan Policy required by 12.1, 12.3, 12.6, and 12.10, respectively.

The ControlScan Security Consulting team conducts IT Risk Assessments that evaluate your most critical IT assets and functional areas to determine the impact a malicious act or loss of data would have on your organization's operations. This solution satisfies PCI requirement 12.2.

PCI Security Awareness Training offers comprehensive courses to educate your employees on the critical areas of vulnerability and security best practices. This cloud-based tool provides on-demand reporting capabilities allowing you to track user progress and completion and assign courses quickly and effectively. This solution satisfies requirement 12.6.

Our Security Consulting Services team works with you and your organization to ensure that you have a properly developed incident response plan and policy. We also work with your teams to perform table top exercises to test your Incident Response program and process. These services will satisfy requirement 12.10.