IT Search – A New Approach to Payment Card Industry (PCI) Compliance

The Payment Card Industry Data Security Standard, PCI DSS for short, was developed by the credit card industry to address data theft. The standard consists of twelve security requirements, covering anything from network traffic policies to requirements around anti-virus software.

If your company does more than 20,000 transactions per year, you will have to implement all twelve requirements. If you do fewer, you will get away with a quarterly vulnerability scan.

IT search (Splunk) can directly address some of these areas and indirectly address most of the others. Specifically, IT search assists with the following:

  • Log management (PCI requirement 10)
  • Secure & Central Log Collection (PCI requirement 10.5)
  • Audit Trail Retention (PCI requirement 10.7)
  • Daily Log Review (PCI requirement 10.6)
  • Secure Remote Access (PCI requirement 7.1)
  • File Integrity Monitoring (PCI requirements 10.2.2, 11.5 and 10.5.5)
  • PCI Control Reporting

The Splunk for PCI application can be downloaded from SplunkBase. It provides a set of 91 searches and 57 reports, a dashboard, and a set of alerts that can be used to monitor the control objectives. The application uses Splunk’s IT search capabilities to address PCI. IT search has capabilities that make it well suited to PCI compliance; it lets you:

  • satisfy ad-hoc requests from auditors
  • do large-scale reporting and investigations
  • automate control objective monitoring
  • add new control objectives and policies that require flexible monitoring and correlation capabilities
  • support ever changing data sources
  • re-use already collected data
  • incorporate file monitoring (not just traditional one-line log messages)

The Splunk for PCI application also gives you the ability to implement compensating controls for some of the PCI requirements. Also be sure to check out the daily log review process, which makes requirement 10.6 easy to tackle.

Splunk is serious about PCI compliance: we are now part of the PCI Council. This ensures that we know about upcoming changes to the PCI standard ahead of time and can help influence its future direction.

Posted by Raffael Marty