Beruflich Dokumente
Kultur Dokumente
In a world with fewer borders, the demand for network security changes from Control access
security at the gate, to security at the source. AppGate is the leader in this space,
with a solution that protects applications, protects communication and secures to your
end point devices. The AppGate solution supports all types of transmission, fixed, sensitive
wireless and mobile and is easily integrated into any customer environment. resources with
AppGate has customers in 23 countries, many from market segments like defence,
government and Fortune 500 companies. AppGate
Preface
This document describes the twelve requirements defined in the Payment Card Industry (PCI)
Data Security Standard (DSS) v1.1 and how AppGate may support your PCI DSS compliance.
The twelve PCI DSS requirements are organized into six logically related groups called the
“control objectives.” The following table illustrates commonly used elements of cardholder and sensitive
authentication data whether storage of each data element is permitted or prohibited and if each
data element must be protected. This table is not exhaustive, but is presented to illustrate the
different types of requirements that apply to each data element.
*These data elements must be protected if stored in conjunction with the PAN. this protection must be consisitent with
PCI DSS requirements for general protection of the cardholder environment. Additionally, other legislation (for example,
related to consumer personal data protection, privacy, identity theft, or data security) may require specific protection of
this data, or proper disclosure of a company´s prctices if consumer relatd personal data is being collected during the
course of usiness. PCI DSS; however, does not apply if PANs are not stored, processed, or transmitted.
** Sensitive authentication data must not be stored subsequent to authorization (even if encrypted)
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or
transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.
These security requirements apply to all “system components.”
System components are defined as any network component, server, or application that is included in or
connected to the cardholder data environment. The cardholder data environment is that part of the network
that possesses cardholder data or sensitive authentication data. Adequate network segmentation, which
isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the
scope of the cardholder data environment. Network components include but are not limited to firewalls,
switches, routers, wireless access points, network appliances, and other security appliances. Servers
include but are not limited to the following: web, database, authentication, mail, proxy, network time
protocol (NTP), and domain name servers (DNS).
Applications include all purchased and custom-made applications including internal and
external (Internet) applications.
The PCI Security Standards Council is an open global forum for the ongoing development,
enhancement, storage, dissemination and implementation of security standards for account data
protection. Read all about the standard at https://www.pcisecuritystandards.org/
Overview of requirements
Build and Maintain a Secure Network
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Mobile users!
Web server!
App server!
Service!
Network! DB server!
Internet!
Payment server!
Home! AppGate !
Security !
Admin!
Server!
Access!
Internal!
LAN!
Office!
B2B solutions may use AppGate for strong authentication and access control on the client side too, if
needed.
Hosting Providers and Service Providers may share the same AppGate server to administrate the different
services on different servers.
Requirement 1:
AppGate supports
Requirement 2:
AppGate supports
Requirement 6:
AppGate supports separation of development, test, and production environments when you implement
Separation of Duties on the business level.
Requirement 7:
AppGate supports
• limiting access to computing resources and cardholder information only to those individuals whose job
requires such access.
• establishment of a mechanism for systems with multiple users that restricts access based on a user’s
need to know and is set to “deny all” unless specifically allowed.
Requirement 8:
AppGate supports
• in addition to assigning a unique ID, employing the following methods to authenticate all users
o Password
o One-Time-Password via GSM/SMS
o SecurID
o Cryptocard
o Certificate
o Public Key
AppGate makes it easier to be compliant with PCI DSS for every type of
organisation. Through its unique way of enforcing “who should be able to
access what” according to a security policy, AppGate is a cost-effective and
secure way to control access. For more information please contact
sales@appgate.com or visit our website www.appgate.com.
www.appgate.com