Cenzic Solutions for PCI Compliance
Application Security to Meet Rigorous Regulatory Requirements
The Payment Card Industry Data Security Standard (PCI DSS) Program is a mandated security initiative which was created to offer merchants and service providers a complete, unified approach to safeguarding credit cardholder information for all card brands.
The Payment Card Industry (PCI) Data Security Standard was developed by American Express, Discover Financial Services, JCB, MasterCard, and Visa to provide a common framework on how companies handling credit card data should protect that information. PCI security is enforced through annual audits and non-compliant organizations face a broad range of penalties, including large fines.
The PCI security standard centers around 12 requirements for protecting credit card data. These requirements apply to all system components—defined as any network component, server, application, or tool that can connect to the data. Five of the 12 PCI requirements relate to data auditing.
PCI Compliance Requirement 6.6
Payment Card Industry (PCI) Requirement 6.6 goes into effect on June 30, 2008. In order to meet this requirement, any Web applications that store, process, or transmit credit card information must be able to:
- Detect vulnerabilities in Web-facing application code
- Prioritize, manage, and remediate vulnerabilities
- Validate and document that vulnerabilities have been corrected
How will you comply with PCI Requirement 6.6 to "ensure all Web-facing applications are protected against known attacks?"
Cenzic’s solutions for Cloud, Mobile and Web applications exceed PCI requirements by offering customers unlimited scanning during its annual subscription period. In addition, Cenzic maps to PCI vulnerability severity levels for simplified customer reporting.
Cenzic is an approved PCI Scanner Vendor by the PCI Security Standards Council (certificate number 4192-01-01). Through its attack library and compliance scripts, Cenzic allows customers to find vulnerabilities and secure their applications that would help them assure compliance with Section 6.6. of the PCI Standard, which focuses on application security. There is a separate category for PCI Compliance within Cenzic that can be used to test your applications. The resulting powerful reports show you the results in a granular fashion with a pass or fail status to help you fix the vulnerabilities through remediation information.
Cenzic is a cost-effective service that delivers a website vulnerability management service with verified, actionable results—shifting the focus from finding vulnerabilities to fixing them. It is a highly-scalable solution for companies that must achieve PCI compliance and need to:
- Fix website vulnerabilities with one turnkey solution
- Communicate vulnerabilities to development and risk management teams
- Maintain continual visibility into Web-facing application vulnerabilities
- Document the Web-application vulnerability lifecycle for auditors
- Retest and validate vulnerability closures
- Have unlimited access/creation of reports
- Control costs
Cenzic’s application security solutions help financial institutions comply with PCI data protection regulations, by allowing them to use automated processes to test for vulnerabilities in Cloud, Mobile and Web applications. Cenzic assesses risk, checks for vulnerabilities as well as tests code and controls during software development for the purpose of preventing unauthorized access, destruction, use, modification or disclosure of personal information.
Reduce Security Risk:
Estimate the financial impact of a breach!
Calculate your application security exposure and risks.Start Calculator