The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners. This document describes how identity management products from Hitachi ID Systems, Inc. can be used to help organizations comply with PCI-DSS.
13. PCI-DSS v2.0 Compliance Using Hitachi ID Management Suite
Identity Manager runs an auto-discovery process nightly, which extracts a list of users, their managed attributes and their membership in managed groups from each target system. On systems where Identity Manager is the only authorized user management facility, this list should be identical to the data already inside Identity Manager. Where this is the policy but changes are nevertheless detected, a security exception can be raised. Normally, such exceptions trigger automatic e-mails to target system administrators, asking them to confirm that the detected security changes are valid.
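The comparison described above, sketched as an added example; it is not Hitachi ID code, and the record layout, function name and sample accounts are assumptions made for illustration:

```python
def reconcile(expected, discovered, authoritative=True):
    """Compare centrally held records with a nightly extract from one target.

    Both arguments map login -> {"attrs": dict, "groups": set}.
    Returns a sorted-by-kind list of (kind, login, detail) exceptions.
    A target that is not under an "only authorized facility" policy
    yields no exceptions, since out-of-band changes are permitted there.
    """
    if not authoritative:
        return []
    out = []
    # Accounts present on the target but unknown centrally.
    for login in sorted(discovered.keys() - expected.keys()):
        out.append(("account_added", login, ""))
    # Accounts known centrally but missing from the target.
    for login in sorted(expected.keys() - discovered.keys()):
        out.append(("account_removed", login, ""))
    # Accounts on both sides: compare managed attributes and groups.
    for login in sorted(expected.keys() & discovered.keys()):
        e, d = expected[login], discovered[login]
        for name in sorted(e["attrs"].keys() | d["attrs"].keys()):
            old, new = e["attrs"].get(name), d["attrs"].get(name)
            if old != new:
                out.append(("attr_changed", login, f"{name}: {old!r} -> {new!r}"))
        for group in sorted(d["groups"] - e["groups"]):
            out.append(("group_added", login, group))
        for group in sorted(e["groups"] - d["groups"]):
            out.append(("group_removed", login, group))
    return out


# Constructed sample data: what the central store holds ...
EXPECTED = {
    "asmith": {"attrs": {"dept": "finance"}, "groups": {"ap-clerks"}},
    "bjones": {"attrs": {"dept": "it"}, "groups": {"dba"}},
}
# ... and what tonight's extract from the target system contains.
DISCOVERED = {
    "asmith": {"attrs": {"dept": "finance"},
               "groups": {"ap-clerks", "card-data-admins"}},
    "tmp_svc": {"attrs": {"dept": ""}, "groups": set()},
}

if __name__ == "__main__":
    for kind, login, detail in reconcile(EXPECTED, DISCOVERED):
        print(f"SECURITY EXCEPTION {kind} {login} {detail}".rstrip())
```

Each returned tuple corresponds to one change that a target system administrator would be asked to confirm.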
3.3 Access Certifier
Periodic review and cleanup of security entitlements
Hitachi ID Access Certifier helps organizations to find and eliminate stale user privileges:
• All user objects are subjected to periodic reviews – by managers and group owners. Orphan and
dormant accounts are eliminated.
• All user memberships in security groups (also known as roles, profiles, etc.) are periodically scrutinized.
Inappropriate rights are deactivated.
• Accountability is introduced by documenting when each login ID and group membership was reviewed
and by whom.
• Organizational roll-up allows executives to sign off on statements asserting that all sensitive security
rights have been reviewed.
3.4 Privileged Access Manager
Control and audit access to privileged accounts
Hitachi ID Privileged Access Manager helps organizations to secure privileged accounts:
• Eliminate static and shared passwords.
• Enforce strong authorization controls over who can access which administrative account and when.
• Personally authenticate IT staff before granting access to privileged accounts.
• Create an audit log of who accessed each privileged account and when.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/documents/pci-dss/pci-dss-compliance-2.0.tex
Date: 2012-04-29