ArcSight Compliance Insight Package for PCI: Automatically Identify PCI Compliance Violations

The ArcSight Compliance Insight Package for Payment Card Industry (PCI) delivers automatic analysis and reporting for Level One and Level Two Merchants

Highlights:

• Efficiently manage PCI security measures on an ongoing basis
• Quickly prepare for upcoming PCI audits  
• Immediately demonstrate PCI compliance to auditors

Common Security Standard to Safeguard Consumer Data
Credit card companies led by Visa, MasterCard, American Express and Discover have been working with online merchants to adopt security standards to protect consumer data, such as card numbers. The result is a system known as the Payment Card Industry Data Security Standard, or PCI. The PCI standard established a list of 12 detailed requirements that large merchants and service providers that handle cardholder data must have met by June 30, 2005. These requirements include strong end-user access controls and activity monitoring and logging, as well as the need to regularly test security systems and processes. Merchants that accept credit card payments now have to prove that their payment systems have the proper security measures to stop fraud and compromised data—or risk substantial fines.

Bringing Automation to the PCI Problem
The ArcSight Compliance Insight Package for PCI is the only regulation-specific package that allows organizations to automatically and easily leverage the powerful capabilities of security management to address PCI requirements. Unlike "reporting only" products, this package uses the powerful capabilities of ArcSight ESM to automatically identify violations specific to the PCI standard via a closed loop, reportable process. ArcSight ESM automatically collects information from system components covered under PCI and provides an intelligent layer of analysis, audit and documentation. 

Addressing Every Phase of PCI Management
ArcSight helps you make your PCI compliance program more efficient, effective and auditable. ArcSight Compliance Insight Package for PCI is specifically tuned to help organizations automatically per form the following actions:

• Manage PCI security measures on an ongoing basis

• Prepare for upcoming PCI audits

• Demonstrate PCI compliance to auditors

The ArcSight Compliance Insight Package for PCI is the ultimate protection and efficiency for ongoing management of PCI requirements. This package analyzes data from existing infrastructure to immediately identify PCI compliance issues through a combination of technical analysis and business process monitoring. These automated checks are supported by a closed loop, auditable workflow that ensures all PCI violations are appropriately  addressed as they are discovered.

The ArcSight Compliance Insight Package for PCI helps merchants prepare for PCI audits by providing a comprehensive view of PCI compliance status throughout the enterprise. Now, enterprises can easily pinpoint and address non-compliant systems, broken processes and unresolved compliance violations prior to the actual audit. During an audit, the ArcSight Compliance Insight Package for PCI assists organizations in demonstrating PCI-specific controls through a direct mapping of PCI requirements to active rules, scheduled reports, real-time dashboards and automated actions.

ArcSight Compliance Insight Package for PCI Features
This package is designed to provide a comprehensive solution for enterprises concerned about PCI compliance, with features including:

• Business and technical dashboards for overall PCI compliance, plus unique dashboards for individual PCI requirements, enabling organization to continuously evaluate the status of PCI compliance.
• Over 25 automated business and technical checks directly audit PCI requirements to minimize exhaustive report review.
• Over 100 business, technical and procedural reports to ensure and demonstrate compliance related tasks.
• Automated risk-based actions, including priority escalation, case creation and notification.