Facilitate PCI DSS compliance

Achieve and maintain PCI DSS compliance with managed file transfer

The Enhanced File Transfer™ (EFT™)  Regulatory Compliance Module exceed security practices mandated by PCI DSS, FIPS 140-2 Validation, HIPAA, Sarbanes-Oxley, and others for data transfer, access, and storage. To achieve PCI DSS compliant file transfer, our security modules help to ensure:

  • Data is stored and disposed of securely
  • Account and password security policies adhere to standards
  • Strong encryption ciphers and keys are used exclusively
  • Violations are reported, compensating controls are applied, and changes are monitored and recorded

Protection of Data at Rest

Globalscape EFT can help organizations comply with data storage requirements—including not storing data in the network's demilitarized zone (DMZ)—using repository encryption, and securely sanitizing deleted data so that it cannot be reconstituted.


Protection of Data in Transit

With support for multiple secure protocols and a built-in FIPS 140-2 cryptographic library, the Globlascape EFT security modules protect data in transit. By enforcing the use of secure protocols, strong ciphers and encryption keys, and maintaining password policies, data transfers strictly follow the PCI DSS requirements.


Controlled Access to Data

The Advanced Authentication Modes Module enforces account access policy controls such as the automatic lock out of accounts after a set amount of incorrect login attempts and the removal of inactive accounts after a certain period of inactivity. Additional security controls can be set to expire passwords automatically on certain dates, and notifications such as emails and banners can be configured accordingly. For user authentication, you can use an AD, NTLM, LDAP, or ODBC-compatible database, or Globalscape EFT's authentication manager.


Active Monitoring

The Globlascape EFT security modules actively support the PCI DSS by:

  • Monitoring compliance
  • Alerting on non-compliance
  • Identifying the cause of non-compliance
  • Allowing reverting of security controls
  • Notifying if a PGP key is near expiration 
  • Enabling inactivity timeout by default  
  • Implementing mitigation/workaround techniques
  • Providing reports for auditor sampling

The Auditing and Reporting Module (ARM) captures all server activity in a relational database.


Minimized Attack Vector

The Globlascape EFT security modules let you leverage your existing Active Directory infrastructure for EFT administrator accounts, eliminating the need to create, maintain, and track standards compliance of built-in, administrator accounts typical of most managed file transfer (MFT) solutions.


Maintaining PCI DSS Compliant File Transfer

Securing sensitive company data requires continuous monitoring and validation of security policies and controls. Globalscape makes it easy for an administrator to create and maintain secure file transfer services that meet or exceed these standards with a simple set-up wizard. Once enabled, our security modules are ever-vigilant security tools that disallows low-security options, captures compensating controls, and generate reports for auditing the system’s compliance status.

 

Get to Know Other Globalscape EFT Features

Anchor ID:

#get-to-know-other-globalscape-eft-features-19984

Compliance

Auditing and Reporting Module (ARM)

Content Integrity Control (CIC)

Get Started

Anchor ID:

#get-started-19021