PCI DSS

PCI DSS is known for being one of the most granular and specific security standards in the market today. Addressing every domain of information security except BCP, PCI DSS aims to secure credit and debit card related information. It achieves this by a set 6 goals, broken into 12 requirements and more than 300 sub-requirements to be implemented within the cardholder data environment. With a large number of organizations and people taking their money online, PCI DSS compliance reinforces the trust that your customers have in your network and technology infrastructure.

BUILD AND MAINTAIN A SECURE NETWORK
  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
PROTECT CARDHOLDER DATA
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM
  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications
IMPLEMENT STRONG ACCESS CONTROL MEASURES
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data
REGULARLY MONITOR AND TEST NETWORKS
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes
MAINTAIN AN INFORMATION SECURITY POLICY
  • Requirement 12: Maintain a policy that addresses information security
We Analyse the PCI DSS Compliance of your Organization

PCI DSS Compliance is not an overnight process; rather, it's the collaboration of numerous initiatives undertaken by various personnel within your organization, all working towards a common goal. In short, it can sometimes be a monumental effort needed by all for ensuring PCI DSS compliance is ultimately successful. So, where do you begin, what's needed of you and your organization, and where do you find the tools and resources for undertaking PCI DSS compliance? Outlined are key activities, deliverables, and milestones for ensuring your organization is on the right path for PCI DSS compliance. Nnajgel Solutions PCI DSS Gap Analysis is for organizations who want to measure current corporate information security practices against the PCI DSS. This service is relevant to organizations that are accepting or processing credit card transactions and want to gauge current information security controls and practices against the PCI DSS standard. The Gap Analysis is often the first step of a PCI DSS compliance project, and provides a roadmap for compliance to the PCI DSS standard. This service will typically involve a number of days onsite for Nanjgel Solutions to meet with the managers who are in charge of the PCI DSS program; key staff involved in network administration and cardholder systems; and the individuals responsible for company procedures and policies.

The following is a high-level overview of the Nanjgel Solutions
PCI DSS Gap Analysis process:

Nanjgel Solutions is a leader in helping customers understand and maintain compliance with the PCI DSS requirements. Nanjgel Solutions provides customers innovative approaches to assessing their PCI DSS scope and implementing the necessary controls to meet and exceed the objectives of the PCI DSS standard.

After each Gap Analysis, Nanjgel Solutions delivers a detailed report outlining the following information:

  • High level review of the cardholder data environment
  • Identification of all current cardholder data processes and storage locations
  • Identification of areas where the client is fully compliant
  • Identification of areas where no solutions, processes or policies exist
  • Recommendations for next steps
  • Completed Self Assessment Questionnaire (SAQ)
  • Completed prioritized approach document
top down