
EFT High Security-PCI Add-on Module

Raise EFT security to the level required by the Payment Card Industry - Data Security Standard (PCI-DSS)

The High Security-PCI add-on module achieves or exceeds security practices mandated by PCI-DSS, HIPAA, and Sarbanes-Oxley for data transfer, access, and storage.

The module ensures:
  • data is stored and disposed of securely
  • account and password security policies adhere to PCI-DSS
  • strong encryption ciphers and keys are used exclusively
  • violations are reported and compensating controls are applied
  • changes are monitored and recorded

Key Benefits

Protection of Data at Rest

The HS-PCI solution, in concert with EFT and DMZ Gateway server, helps organizations comply with data storage requirements, including not storing data in the network DMZ, using repository encryption, and securely sanitizing deleted data so that it cannot be reconstituted.

Protection of Data in Transit

The HS-PCI solution protects data in transit by enforcing the use of secure protocols, strong ciphers and encryption keys, and maintaining password policies that strictly follow PCI-DSS guidelines.

Controlled Access to Data

The High Security-PCI solution lets you restrict accounts and require unique IDs for access. For user authentication, you can use an AD, NTLM, LDAP, or ODBC-compatible database, or EFT's own authentication manager, to isolate a specific group of users from other groups in your domain. The Auditing and Reporting Module (ARM) captures all server activity in a fully relational database.

Ongoing PCI-DSS Compliance

With PCI DSS, you cannot "set it and forget it." Compliance, with the ultimate goal of securing sensitive company data, requires continuous monitoring and validation of security policies and controls. Globalscape makes it easy for an administrator to create and maintain file-transfer services that comply with the PCI standard. The solution provides a setup "wizard" that walks administrators through configuring a new PCI DSS-enabled file transfer service, sets secure default values for security settings, disallows low-security options, captures compensating controls, and generates a PCI DSS compliance report for auditing the system's PCI DSS compliance status.

Achieving PCI compliance with EFT's High Security-PCI add-on module

The following table lists the PCI-DSS requirements and outlines specifically how Globalscape can help you become compliant. Setup wizards provide administrators with an easy, step-by-step method for configuring a new PCI-DSS-enabled site.

Columns: PCI-DSS Requirement / How the EFT High Security-PCI Module addresses it

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  EFT HS-PCI Module: Several requirements in this section are handled through EFT's companion product, DMZ Gateway.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  EFT HS-PCI Module: Auto-configuration, reminders, warnings, and diagnostic checks for insecure protocol use, vendor defaults in use, and misconfigured security parameters.

Requirement 3: Protect stored cardholder data
  EFT HS-PCI Module: Multiple validation checks for data encryption and use of strong encryption keys, and a powerful disk sanitization feature for wiping deleted data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks
  EFT HS-PCI Module: Monitoring and enforcement of strong secure protocols and ciphers, including auto-redirect from non-secure to secure protocols.

Requirement 5: Use and regularly update anti-virus software
  EFT HS-PCI Module: Requires measures external to the High Security-PCI module.

Requirement 6: Develop and maintain secure systems and applications
  EFT HS-PCI Module: Requires measures external to the High Security-PCI module.

Requirement 7: Restrict access to cardholder data by business need-to-know
  EFT HS-PCI Module: Provides granular delegated administration controls over server functions according to need-to-know policies.

Requirement 8: Assign a unique ID to each person with computer access
  EFT HS-PCI Module: Enforces password complexity, uniqueness, and related access control policies such as forced password reset and password expiration.

Requirement 9: Restrict physical access to cardholder data
  EFT HS-PCI Module: Data sanitization securely removes data from physical media.

Requirement 10: Track and monitor all access to network resources and cardholder data
  EFT HS-PCI Module: The High Security module provides flexible rather than mandatory compliance. A daily e-mailed report details the current PCI status for all sites, including what is in compliance, where failures have occurred, and which configuration choices prevent compliance. The reports also detail an organization's compensating controls or alternative methods for achieving compliance, and provide an audit trail of all administrator and user actions. Reports are also produced automatically when triggered by a server event, such as a change to a setting that requires a compensating control.

Requirement 11: Regularly test security systems and processes
  EFT HS-PCI Module: Requires measures external to the High Security-PCI module.

Requirement 12: Maintain a policy that addresses information security
  EFT HS-PCI Module: Requires measures external to the High Security-PCI module.