The 12 PCI Requirements

Redbox Platform: A Comprehensive PCI Remediation Solution

Redbox Platform’s feature-rich functionality and innovative design simplify the challenges facing retail merchants and provide a cost-effective PCI remediation solution. Reliant’s Redbox Platform comprehensively satisfies all 12 PCI DSS Requirements as follows:

 

| # | PCI Requirement | Redbox Platform |
|---|---|---|
| 1 | Install and maintain a firewall configuration to protect data | Inherent to the Architecture. Redbox Platform provides a multiport firewall as part of the solution to provide network access control and network segmentation. Additionally, the architecture provides a means to automate the validation of firewall rules on all Redbox systems. |
| 2 | Do not use vendor-supplied defaults for system passwords and other security parameters | Inherent to the Architecture. Redbox Platform has been standardized and hardened to prevent unauthorized access and is monitored centrally to ensure ongoing system integrity. Additionally, it monitors configurations of POS, application files and other systems to demonstrate that hardened configurations remain in place and detect any unauthorized changes. |
| 3 | Protect stored data | Cardholder data is not stored in the Reliant solution, but the solution can be extended to support features such as encryption key management depending on the POS system requirements and features of the environment. |
| 4 | Encrypt transmission of cardholder data across public networks | Inherent to the Architecture. Encrypts transmission of cardholder data over untrusted networks and non-cardholder data environments through an industry standard VPN that terminates at the merchant headquarters location. |
| 5 | Use and regularly update anti-virus software | All Redbox Platform components include Anti-Virus Software. The system supports use of third-party AV solutions for Windows or Linux POS hosts. |
| 6 | Develop and maintain secure systems and applications | Inherent to the Architecture. Supports System Development Lifecycle requirements through a central management console for remote Redboxes. Changes, which range from simple patches to the addition of entirely new features, are controlled centrally and propagate across the Redbox network without the need for any remote-hands support. Additionally, the system supports use of third-party configuration control solutions such as Microsoft’s Active Directory. |
| 7 | Restrict access to data by business need-to-know | Inherent to the Architecture. Access control implementation is flexible depending on environment characteristics. Supports PCI requirement for separation of duties and for secure non-console administrative access with two-factor authentication. Additionally, the system supports use of third-party access control solutions such as Microsoft’s Active Directory. |
| 8 | Assign a unique ID to each person with computer access | Inherent to the Architecture. See item 7 above. |
| 9 | Restrict physical access to cardholder data | Small form factor of Redbox Platform appliance allows it to be easily secured in a manager’s back office or small telecommunications closet. |
| 10 | Track and monitor all access to network resources and cardholder data | Inherent to the Architecture. The system automates log collection and aggregation at both store and central locations. Logs are collected from a variety of systems including POS and back-office servers. Redbox Platform provides flexible log reporting and alerts on specified events. |
| 11 | Regularly test security systems and processes | Inherent to the Architecture using a variety of technical controls, including:<br>• Network-based alerts can be forwarded via email or the Redbox Platform log server<br>• File Integrity Monitoring of POS and back-office systems including daily comparison of critical Windows system files<br>• Vulnerability Scanning is supported to meet the PCI Requirement for quarterly scans of internal systems<br>• Rogue Access Point Detection is supported in a manner consistent with recent guidance from the PCI Standards Council Special Interest Group for Wireless Security |
| 12 | Maintain a policy that addresses information security | Documentation of compliance is central to the solution. Reliant provides a thorough description of all controls provided by Redbox Platform in its Redbox Platform Auditor’s Guide. The guide meets the stringent requirements for PCI documentation as proven in repeatedly successful Level 1 PCI audits. |

Copyright © 2016 Reliant.