Set of audited reference architectures to help retailers worldwide meet broad compliance challenges while bolstering security efforts
RSA, The Security Division of EMC (NYSE: EMC), today announced the interoperability of five RSA® PCI Solutions in the Cisco Payment Card Industry (PCI) reference architectures. The Cisco PCI Solution for Retail Validated Network Designs help retailers of all sizes effectively address the data security requirements mandated by the PCI Data Security Standard (PCI DSS).
The Cisco Validated Network Designs, which have been validated by external PCI Qualified Security Auditor (QSA) Verizon Business, offer a set of cost-effective, audited solutions that help customers meet many of the most challenging PCI DSS requirements, including authentication, encryption and compliance reporting. RSA is leveraging the Cisco PCI Validated Network Designs to help enable retailers to easily integrate new or existing technology solutions into their in-store, Internet edge and data center environments in a PCI DSS compliant manner.
"The complexity of PCI compliance cannot be untangled by a single product or set of products; the requirements call for a holistic strategy that spans people, process, and technology," said Jim Melvin, vice president of Marketing and Security Solutions at RSA. "Smart retailers, who take advantage of PCI DSS as an opportunity to establish a foundation of broad data security best practices, will be better prepared to not only achieve and maintain PCI DSS compliance, but to ready their organizations for new data security and compliance requirements that may emerge in the future."
Delivering one of the industry's most comprehensive PCI DSS solutions
Cisco PCI Solution for Retail in-store network designs, deployed in Cisco's technology labs, provide clear, in-depth guidance on how retailers may deploy associated RSA and Cisco products in a PCI validated manner. Retailers can consult Design & Implementation Guides for technical instruction on the deployment of particular products to address specific PCI requirements. Furthermore, retailers may review a Report on Compliance from Verizon Business, which provides feedback from a certified PCI QSA regarding the ability of RSA and Cisco products to be deployed in a manner that meets specific PCI DSS requirements.
"The strategic alliance between RSA and Cisco centers on the development of technology to bring data protection into the network to help customers simplify the protection of sensitive information," said Melvin. "Today with our combined expertise, we are able to offer retailers one of the industry's most comprehensive sets of audited technologies and services designed to protect credit card data whether it resides in-store, at the Internet Edge or at the data center."
The RSA technology solutions included in the Validated Network Designs include:
- Encryption and key management: RSA® Key Manager and RSA® File Security Manager are designed to enable retailers worldwide to address PCI Requirement 3 by helping to secure data from its creation at the point-of-sale application, through all endpoints - regardless of whether data resides in the network, an application, database, files and folders, or disk/tape storage. In addition, RSA's enterprise-wide key management solution is engineered to help ensure that data will be both available and properly protected no matter when or where it is needed.
- Authentication and authorization: RSA SecurID® two-factor authentication technology and RSA® Access Manager are designed both to help retailers address PCI Requirements 7 and 8 by creating tools to positively establish the identities of users, and to ensure that only authorized users may access cardholder data. RSA's strong authentication and authorization solutions are designed to deliver out-of-the-box integration with hundreds of products that can be part of a PCI infrastructure, such as VPNs, firewalls, and application servers, enabling retailers to ensure that users accessing cardholder systems are trusted.
- Compliance and security information management: RSA enVision® technology is engineered to allow retail businesses to effectively meet PCI DSS Requirement 10 by establishing a centralized point for tracking and monitoring access to cardholder data throughout a PCI environment. RSA's solution is also built to retain an audit trail history as required by PCI mandates. These solutions also allow for out-of-the-box PCI compliance reports, significantly easing the process of demonstrating compliance to auditors.
RSA Professional Services and Technology Solutions offer strategic, consultative approach to broader compliance
Beyond the RSA technology solutions included in the Cisco PCI Solution for Retail reference architectures, merchants embarking upon PCI compliance initiatives can look to RSA® Professional Services for up-front consulting services that will help them begin with a clear understanding of their current PCI posture so that they can then develop a compliance strategy that best matches their needs.
In order to secure cardholder data in accordance with the PCI DSS, companies must monitor where