PCI & CIS: Partners in Data Security
It’s happening all the time - a transaction occurs with every swipe of a credit card and when payment details are entered online. But have you considered how those payment transactions are protected by a global, cross-industry effort? The Payment Card Industry Security Standards Council (PCI SSC) leads the path to increasing payment integrity by providing data security standards and programs that can help businesses detect, mitigate, and prevent cyber-attacks.
United for security
The Payment Card Industry Data Security Standard (PCI DSS) has been around since 2004. It was initially launched to help prevent credit card fraud. Today, there are 29 PCI Board of Advisors members, including our Senior Vice President of CIS Benchmarks, Kathleen Patentreger. Together, the Board of Advisors represent a global team of strategic partners who are dedicated to securing payment data. Each member of the board brings industry, geographical, and technical insight to PCI SSC initiatives.
CIS has long worked with the Financial Sector to secure its data. In fact, CIS Benchmarks are referenced in the PCI Data Security Standards. It only makes sense that as an industry leader of standards and technology that we share our experience and insight into the PCI Council’s plans and projects. For the past three years, working with the PCI Board of Advisors has been a rewarding way to accomplish that while collaborating with Global Leaders dedicated to the same mission and goals to secure data and transactions in a connected world.
Senior VP of CIS Benchmarks
It’s up to every organization involved in payment processing transactions, including vendors and retailers, to ensure compliance. The responsibility to comply with PCI DSS may seem daunting – but it doesn’t have to be. Treating it as an on-going process throughout the year rather than a one-time project can help ensure success. With the help of some of our cyber defense best practices and tools included in CIS SecureSuite Membership, we can get you on the road towards PCI compliance.
Best practices and beyond
PCI DSS references CIS resources to help protect payment card data. This means organizations can use the CIS Controls and CIS Benchmarks to help achieve PCI compliance. The CIS Controls and CIS Benchmarks provide security best practices for systems and data. They are developed by a community of cybersecurity experts and IT professionals from around the world that debate and commit on cyber defense practices. The CIS Controls are 20 prioritized best practices that IT teams can implement to help prevent cyber-attacks.
The CIS Benchmarks are configuration recommendations for 140+ technologies including servers, operating systems, and cloud infrastructure. They provide guidance on administrative privileges, data encryption standards, port access, and more.
Playing our part
PCI DSS provides a comprehensive set of requirements to secure payment account data worldwide. CIS’ security best practices are recognized and referenced as a key foundational piece of a PCI-compliant cyber defense program. Specifically, the CIS Benchmarks are referenced by PCI DSS Requirement 2 for security. Combined with the CIS Controls, the CIS Benchmarks can help with multiple aspects of PCI compliance, including:
- Firewall and Router Configurations
- 1 Patch Management
- 1 Access Control
- 4 Change Control
CIS-CAT Pro Dashboard, a component of CIS SecureSuite Membership, allows systems administrators and IT professionals insight into a subset of machines in their environment. This helps create greater visibility into which machines require PCI DSS compliance, so you can audit and measure CIS Benchmark conformance on a specific group of endpoints. Each CIS-CAT Pro report includes remediation steps for non-compliant settings, so you’ll know what to do to improve your configuration audit scores.
As part of our mission, CIS will continue to work with PCI and other global standard organizations to provide best practice guidance for securing IT systems in the finance industry and more.
Catch our crew at PCI's 2019 Event
Don't miss the CIS team at the PCI North American Community Meeting 2019 in Vancouver, BC from September 17 - 19. Stop by booth #57 to chat with the CIS team or join us Tuesday, September 17 at 3pm for the Tech Exchange. We’ll be sharing how organizations can protect payment card data in cloud environments and how the “shared responsibility” model is key to your security success. Learn how the CIS Benchmarks and tools like CIS-CAT Pro can help ensure compliance for PCI DSS.