Navigating the PCI DSS requirements can be challenging, but this white paper can help.
According to the eye-opening "Chronology of Data Breaches" maintained by Privacy Rights Clearinghouse (privacyrights.org), a consumer advocate organization, unauthorized access to data is growing into an everyday occurrence. Many shocking breaches are the result of egregious errors made by the guardians of the data. Some do not involve a criminal perpetrator; many others involve nefarious access to information and data—typically for financial gain.
Attempting to slow the use of data for unethical or illegal purposes (it will likely never be halted entirely) is a challenge in every industry and in every nation around the world. As a result of the most significant breaches and cases of information mismanagement, regulatory and legislative compliance standards have sprung up in a frenzied attempt to prevent their recurrence.
Anyone who's been subjected to a formal compliance audit will attest to the fact that it can be a challenge to meet—or ideally exceed—the requirements imposed by these various mandates. The difficulty comes from having to understand and translate complex business requirements into technology directives. Additionally, there's the cost and impact of aligning the business to achieve and maintain compliance. This is often made worse by the fact that requirements may be interpreted and assessed in different ways by different auditors.
One of the most influential of today's regulatory standards is the Payment Card Industry's Data Security Standard (PCI DSS), a compliance baseline designed to guard credit card data and processes. Formed in 2006 by five major card brands (MasterCard, Visa, American Express, Discover, and JCB International), the PCI Security Standards Council designed a framework of 12 primary requirements and a comprehensive assessment and penalty process.
Unfortunately, many audit firms are unfamiliar with the IBM i operating system and its uniquely integrated database and security controls. As a result, recommendations are often made that do not make sense to those who have experience working with the platform. Unfamiliarity also increases the risk that data will be compromised, as there's a very real likelihood that serious configuration vulnerabilities will be missed.
PowerTech, a leading security and compliance company, has released a white paper discussing how PCI DSS requirements impact servers running IBM i (aka AS/400 and iSeries). The document includes ways that PowerTech's comprehensive suite of security solutions can assist in achieving and maintaining PCI compliance. If your organization stores or processes regulatory-controlled data—such as credit card information—on these servers, then this document is one of the must-read resources available in the PowerTech library.