PCI DSS compliance enabled by Network Security

The Payment Card Industry Data Security Standard (PCI DSS) is a set of information security guidelines that are designed to help protect user data and ensure customer trust. Network Security offers best practices and suggestions to help you meet PCI DSS compliance. However, we recommend working with your auditor to ensure the security practices in place meet what is necessary for your specific environment.

Network Security virtual appliances are designed to protect your network traffic from malware and other threats. You can deploy virtual appliances to protect inbound traffic from external threats and to protect outbound traffic from data exfiltration or other insider threats.

The following table defines some of the PCI DSS metrics and gives examples of how Network Security can help you meet those requirements.

| PCI requirement definition | Network Security solution |
| --- | --- |
| 11.4: Use network intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network. Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points inside of the cardholder data environment, and alert personnel to suspected compromises. IDS/IPS engines, baselines, and signatures must be kept up to date. | Deploy Network Security virtual appliances. Send alerts to monitor traffic. Enable sync management to keep security up to date. |
| 1.2.1: Limit inbound and outbound traffic to only what is required for the cardholder data environment and specifically reject all other traffic. | Enable features like Domain filtering and Geolocation filtering to help meet the individual security needs of your environment. |

PCI DSS checklist items

Complete the following checklist items to help your environment become more PCI compliant.

Prerequisites

Before any PCI DSS requirements can be met, you must successfully deploy Network Security in your environment.

Add your Cloud accounts to Network Security. Learn more.

Deploy protection in your environment.

Check to make sure Network Security is successfully deployed and protecting traffic. Review the assets page for a more detailed view of which assets in your environment are now protected. Learn more.

11.4 PCI DSS items

Make sure that Digital Vaccine Auto-Sync is enabled in Network Security. This setting is automatically enabled to ensure that the latest filters are used to protect your environment. Learn more.

Set up event management to send virtual appliance events and alerts for monitoring.

  • Connect to Splunk or another system log server to send IPS events to your security information and event management (SIEM) system. Learn more.
  • Set up CloudWatch to configure log streaming and monitoring in AWS. Learn more.

Enable TLS inspection to protect inbound TLS-encrypted IPv4 traffic. Learn more.

1.2.1 PCI DSS items


NOTE

Not all of these checklist items might be required for your environment to meet 1.2.1 PCI DSS compliance. The settings you select should be enabled to meet the individual needs of your network environment.


Enable Geolocation filtering to block incoming and outgoing IPv4 requests by countries or regions. Learn more.

Enable Domain filtering to further restrict outbound traffic to known, safe hosts and to ensure you are only communicating with fully qualified domain names (FQDNs). Learn more.

Next Steps

We recommend that you reassess your security processes and incident response plans after you successfully deploy Network Security to make sure you meet all of your security outcomes in your environment. Some other PCI DSS requirements not covered in this topic, such as 10.8 and 12.10.5, might also be impacted by deploying Network Security.

For a more in-depth look at PCI compliance in your environment, we recommend using Trend Micro Cloud One – Conformity. Conformity is a service in the Trend Micro Cloud One family that analyzes a company's compliance across several standards and frameworks, including PCI DSS. Learn more.