PCI / DSS Compliant

Regulatory issues and security concerns are a reality for companies today. Protecting your data, as well as the data of your customers, is of utmost importance. Partnering with Internap to achieve PCI compliance can reduce compliance costs, increase security and decrease the time it takes to obtain your own Report on Compliance (ROC).

Keeping Your Customers’ Data Safe

The Payment Card Industry Data Security Standard (PCI-DSS) prescribes 12 requirements that can help protect your customers’ data—not just credit card data. We can work with you to identify PCI compliance gaps and construct a plan for meeting the process and technology requirements of PCI-DSS.

Here’s how we can help you meet each of these requirements:

 

| # | PCI DSS Requirements | How We Can Help You | What You Need to Do |
|---|---|---|---|
| 1 | Install and maintain a firewall configuration to protect cardholder data | Managed network firewall | Ensure segmentation of card holder data environment; Review firewall rules semi-annually; Create demilitarized zone (DMZ) |
| 2 | Don’t use vendor-supplied defaults for system passwords and other security parameters | Internal vulnerability scanning | Scan vendor supplied passwords |
| 3 | Protection of card holder data | N/A | Encrypt card holder data; Encrypt databases; Secure disposal of media |
| 4 | Encrypt transmission of cardholder data across open, public networks | VPN Service; Managed network firewall; SSL certificates | Encrypt transmission of card holder data across open public networks |
| 5 | Use and regularly update anti-virus software programs | Log management; Anti-virus | Ensure anti-virus is deployed and continuously patched |
| 6 | Develop and maintain secure systems and applications | Internal and external PCI vulnerability scanning; Web application firewall; Patch management service | Secure access to applications and card holder data |
| 7 | Restrict access to cardholder data on a need-to-know basis | Security Operations Center work flow change request process | Secure application & encryption |
| 8 | Assign unique ID to each person with computer access | Multifactor authentication; VPN Service; Security Operations Center work flow change request process | Conduct multifactor authentication |
| 9 | Restrict physical access to cardholder data | Physical data center security; SOC2 data center processes and auditing | Protect card holder data |
| 10 | Track and monitor all access to network resources and cardholder data | Log management | Protect card holder data |
| 11 | Regularly test security systems and processes | Internal and external vulnerability scanning; Intrusion detection and prevention system | Conduct internal and external penetration testing; Provide wireless intrusion detection and prevention |
| 12 | Maintain a policy that addresses information security for all personnel | Monitoring service | Conduct internal and external penetration testing |