Transfer Data within Compliance

PCI DSS, FIPS 140-2, HIPAA, HITECH, SOX, GLBA/FFEIC, DIACAP: Which compliance mandate is your organization required to follow?

Technology solutions have simplified much of modern business operations. However, enterprise compliance to any standard, including the PCI DSS, involves far more than a technology solution. Compliance is a doctrine that must be integrated into your IT procedures. With so many tasks from implementation to enforcement of the standard, where can you find the resources to comply?

The High Security Module (HSM) for Enhanced File Transfer™ (EFT™) helps organizations achieve or exceed security practices by the most rigorous standards. 

Protect Data at Rest

Protect Data at Rest

Data must be protected in storage. The HSM ensures that data is stored using repository encryption and never resides in the DMZ. Even deleted data is securely sanitized so that it cannot be reconstituted.

Protect Data in Transit

Protect Data in Transit

Cardholder data must be secure during the transfer process. The HSM ensures you are using secure protocols, strong ciphers, and encryption keys that strictly follow PCI DSS guidelines, such as PGP encryption, SSL v3 or later, TLS, SFTP, and ciphers with a minimum of 128 bits. Additionally, incoming HTTP traffic is redirected to HTTPS.

Control Access to Data

Control Access to Data

User access and password policies are strictly enforced according to the PCI DSS guidelines. A wide range of secure user authentication sources, including Active Directory, NTLM, LDAP, or ODBC-compatible databases, are supported to simplify integration with your existing structure. Alternatively, you can choose EFT’s built-in Globalscape authentication manager to isolate users from your domain. For added control, the HSM also captures all user activity in a relational database for reporting or individual user activity review.

Facilitate Ongoing Compliance

Facilitate Ongoing Compliance

Your organization’s ongoing compliance is a key focus of the HSM. Policies set according to the PCI DSS are enforced using prompts and warnings; however, ultimate control and flexibility remain in your hands, because non-compliant settings can be accepted by providing a corresponding compensating control.