PCI Compliance Solutions - Enforcive

PCI is the Payment Card Industry Data Security Standard (PCI-DSS), a set of rules to ensure the safety of payment card holder information.

This paper gives you a brief introduction to the PCI compliance solutions produced by Enforcive Systems Ltd. The PCI DSS lists 12 broad requirements that must be addressed for an organization to be PCI compliant. The data security software products described below are aimed at several of these requirements.

The first requirement of the PCI-DSS is to install and maintain a firewall configuration to protect cardholder data. The Enforcive IP Packet Lockdown, built especially for the IBM i computer, is a powerful addition to a standard firewall. Through a familiar, easy-to-understand IBM i native green screen interface, you can setup IP Packet rules to restrict access in and out of IBM i ports.

User-defined naming of IP addresses simplifies setting up and reviewing policy, while the IP packet activity is viewable in the native green screen environment and in the PC-based GUI client. See also Enforcive IP Packet Lockdown.

The forth PCI requirement is to encrypt the transmission of cardholder data across open, public networks. Crypto Complete achieves this on the IBM i (iSeries) and can be integrated into existing information systems on this platform. See also Enforcive Crypto Complete.

Enforcive/Enterprise Security is a powerful data security and PCI compliance solution. Its features give a solid answer to PCI compliance requirements 3 (protect cardholder data), 7 (restrict access to cardholder data) and 10 (track and monitor all access to cardholder data).

Access control to IBM i resources, combined with a system and application audit capability, makes Enforcive/ Enterprise Security a leader among PCI compliance solutions for the IBM midrange family. A user-friendly GUI is used in definitions and in presentation of PCI compliance audit events. See also Enforcive/Enterprise Security,

The Policy Compliance Manager addresses PCI requirement 12 to maintain an information security policy. It is a template-based policy manager in which definitions for user profiles, object authorities, system values and IFS permissions can be clearly laid down, checked against the actual definitions in your system and enforced by running a process of fixing according to policy. See also Enforcive Policy Compliance Manager.

Enforcive produces products to enhance CICS security addressing requirements 8 (unique user ID) and 3 (protect data). Solutions exist for CICS on MVS (z/OS), VSE 2.3 and VSE/TS. Fields (or segments) can be protected and masked in VSAM, IMS and DB2. See also Mainframe compliance.

See also Enforcive PCI Compliance Software.