White logo
Contact us
Solutions
Resources
Company

Introduction

In this article, we will look specifically at the Payment Card Industry Data Security Standard (PCI DSS) standard, and how Airgap Networks’ microsegmentation can help organizations achieve compliance with this standard.

The PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. It relates to cyber security because it provides a framework for protecting sensitive payment card information from breaches and cyberattacks and sets out specific requirements for companies to follow to secure cardholder data. The goal of PCI DSS is to reduce the risk of payment card fraud and to increase the overall security of payment card transactions.

PCI DSS Framework

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect sensitive payment card information from theft or abuse. The framework was developed by major credit card brands such as Visa, Mastercard, American Express, and others, and applies to all organizations that process, store, or transmit payment card data.

The PCI DSS framework is comprised of 12 requirements that must be met to ensure the security of payment card data. These requirements cover areas such as network and software security, access controls, monitoring and testing, and incident response. Organizations are required to implement and maintain these security controls, and to undergo an annual assessment to verify their compliance with the standard.

The 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) framework are:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy
  • Control Physical Access to Cardholder Data
  • Regularly Monitor and Control Logging Access
  • Restrict Access to Cardholder Data by Business Need-to-Know
  • Assign Unique IDs to Each Person with Computer Access
  • Regularly Test Security Systems and Processes
  • Maintain a Vulnerability Management Program

These requirements cover a wide range of security measures and practices, including network and software security, access controls, monitoring and testing, and incident response. Organizations are required to implement and maintain these security controls, and to undergo an annual assessment to verify their compliance with the standard.

Adherence to the PCI DSS standard is important for organizations that process payment card data, as it helps to reduce the risk of payment card fraud and to increase the overall security of payment card transactions. Additionally, compliance with the PCI DSS framework can improve the reputation and credibility of an organization, as it demonstrates a commitment to protecting sensitive payment card information. Failure to comply with the standard can result in hefty fines and can harm an organization's reputation and ability to do business.

How does Airgap Networks’ microsegmentation fit into this framework?

Requirement 1 of the Payment Card Industry Data Security Standard (PCI DSS) framework is "Build and Maintain a Secure Network." This requirement focuses on establishing a secure infrastructure for processing, storing, and transmitting payment card data.

One of the ways to meet this requirement is through network segmentation, which involves dividing a network into smaller, isolated segments, or "zones." This helps to limit the scope of a security breach, reduce the attack surface, and improve the overall security of the network. For example, sensitive payment card information can be stored on a separate segment of the network, isolated from less sensitive data. This way, if a breach occurs, the attacker will not have access to the entire network and will not be able to access sensitive payment card data.

Network segmentation is a key aspect of meeting Requirement 1 of the PCI DSS framework and can help organizations to maintain a secure network, protect sensitive payment card information, and improve their overall security posture. When implemented correctly, network segmentation can provide an extra layer of security that helps to prevent unauthorized access, protect against cyberattacks, and ensure compliance with the PCI DSS standard.

Airgap Networks’ agentless microsegmentation places each endpoint into its own isolated network segment and allows only authorized communication between them. The default security policy is to disallow any communication between each endpoint/network micro segment unless authorized by the security operator. In this way, servers which are processing sensitive payment card information can be placed in their own isolated network segments and only authorized communication permitted between them.

Summary

The PCI DSS framework focuses on establishing a secure infrastructure for processing, storing, and transmitting payment card data. Network segmentation, dividing a network into isolated segments, can help organizations meet this requirement by limiting the scope of a security breach, reducing the attack surface, and improving the overall security of the network.

Microsegmentation is an integral part of Airgap’s Zero Trust Everywhere solution, contributing to our customers' zero trust security initiatives and frameworks.