Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.


Academic year: 2021


(1)

www.lepide.com/2020-suite/


7. Restrict access to cardholder data by business need to know

Each requirement below is given as: PCI Article (PCI DSS 3), Report Mapping (the audit reports that address it), and How we help.

7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.

Report Mapping:
• Active Directory / Active Directory Modifications Reports -> Admin Group Modification
• Active Directory / Active Directory Security Reports -> Permission Modifications, Owner Modifications
• LepideAuditor For File Server / Permission Changes
• SQL Server / All Server Object Modifications / All Database Object Modifications

How we help: Using our Auditor suite we can help organizations determine which users are accessing which systems and which data is being accessed. We can also alert and report on permission changes to relevant data. While our Auditor suite does not technically restrict or limit access, it provides visibility through alerts, reports etc. so that you can see what is occurring on specific parts of your IT environment.

7.2 Establish an access control system for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• Group Policy Object / Group Policy Modification Reports -> Group Policy Object Modified
• LepideAuditor For File Server / Permission Changes
• SQL Server / Login Reports -> Login Modified

How we help: By providing a log trail of changes made to systems such as Active Directory, File Servers, SQL Servers, SharePoint and Exchange servers, we can show you unauthorized changes being made to these platforms, which helps mitigate the risk of a violation and enables you to determine the best course of remediation in such an event. We allow you to see changes to permissions, modifications to logons or changes made to group policy, which helps


8. Identify and authenticate access to system components

8.1 Define and implement policies and procedures to ensure proper user identification management for non-consumer users and administrators on all system components as follows:

8.1.1 Assign all users a unique ID before allowing them to access system components or cardholder data.

Report Mapping:
• Active Directory / Logon, Logoff Reports
• Active Directory / All Modification Reports -> Object Modifications
• Group Policy Object / Group Policy Modification

How we help: By reviewing the Logon and Logoff audit reports we can show if a user is logging on from more than one computer. We can alert and report on this and allow corrective action to be taken.

8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.

Report Mapping:
• Active Directory / User Reports -> User Created
• Active Directory / All Modification Reports -> Object Modifications
• SQL Server / Login Reports -> Login Modified

How we help: While we don't directly control these things, we provide the necessary auditing of events such as user creation,


8.1.3 Immediately revoke access for any terminated users.

Report Mapping:
• Active Directory / User Reports -> User Status Modifications

How we help: We can show you user permission changes and report on Inactive Users to help verify that the access of Inactive Users is revoked accordingly.

8.1.5 Manage IDs used by vendors to access, support, or maintain system components via remote access as follows:
• Enabled only during the time period needed and disabled when not in use
• Monitored when in use

Report Mapping:
• Active Directory / User Reports -> User Modifications, User Status Modifications
• SQL Server / Login Reports -> Login Modified

How we help: We can help audit the enabling and disabling of accounts and track the respective activities of designated users to support this mandate.

8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts.

Report Mapping:
• Active Directory / User Reports -> User Modifications, User Status Modifications


8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID.

Report Mapping:
• Group Policy Object / Group Policy Modification Reports -> All Account Lockout Policy Modified

How we help: Analyze the audit log to verify that the AD account lockout policy is configured and working properly.


8.2.3 Passwords/phrases must meet the following:
• Require a minimum length of at least seven characters
• Contain both numeric and alphabetic characters

Alternatively, the passwords/phrases must have complexity and strength at least equivalent to the parameters specified above.

Report Mapping:
• Group Policy Object / Group Policy Modification Reports -> Password Policy Modified


8.2.4 Change user passwords/passphrases at least every 90 days.

Report Mapping:
• Group Policy Object / Group Policy Modification Reports -> Password Policy Modified

How we help: By auditing changes to the password policy settings in Active Directory we help you verify that the password policy is defined according to the compliance requirement.
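Requirements 8.1.6, 8.1.7, 8.2.3 and 8.2.4 each state a threshold that the audited Group Policy settings have to meet. As an added example that is not part of the Lepide document or product, the following PowerShell reads the default domain password and lockout policy with the ActiveDirectory module's Get-ADDefaultDomainPasswordPolicy and lists every setting that misses those thresholds; the function name Test-PciPasswordPolicy is chosen here, and a domain-joined session with RSAT installed is assumed.

```powershell
# Added example, not from the Lepide document: compare the default domain
# password/lockout policy with the PCI DSS 3 values quoted above (8.1.6 lockout
# after at most six attempts, 8.1.7 lockout of at least 30 minutes or until an
# administrator unlocks, 8.2.3 at least seven characters with letters and
# digits, 8.2.4 changed at least every 90 days). Assumes the ActiveDirectory
# (RSAT) module and a domain-joined session.
Import-Module ActiveDirectory

function Test-PciPasswordPolicy {
    param(
        # A Get-ADDefaultDomainPasswordPolicy result, or any object with the same
        # property names (so the checks can be exercised against a test object).
        [Parameter(Mandatory)] $Policy
    )
    $findings = @()

    # 8.1.6: LockoutThreshold 0 disables lockout entirely, so it fails as well.
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt 6) {
        $findings += "8.1.6 LockoutThreshold=$($Policy.LockoutThreshold) (must be 1-6)"
    }
    # 8.1.7: a zero LockoutDuration means locked until an administrator unlocks,
    # which the requirement explicitly permits.
    if ($Policy.LockoutDuration -ne [TimeSpan]::Zero -and
        $Policy.LockoutDuration -lt [TimeSpan]::FromMinutes(30)) {
        $findings += "8.1.7 LockoutDuration=$($Policy.LockoutDuration) (must be >= 30 min or 0)"
    }
    # 8.2.3: length is checked directly; Windows complexity (three of four
    # character classes) is the nearest built-in control for letters and digits,
    # so its absence is reported.
    if ($Policy.MinPasswordLength -lt 7) {
        $findings += "8.2.3 MinPasswordLength=$($Policy.MinPasswordLength) (must be >= 7)"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "8.2.3 ComplexityEnabled=False (letters and digits not enforced)"
    }
    # 8.2.4: a zero or negative MaxPasswordAge means passwords never expire.
    if ($Policy.MaxPasswordAge -le [TimeSpan]::Zero -or
        $Policy.MaxPasswordAge -gt [TimeSpan]::FromDays(90)) {
        $findings += "8.2.4 MaxPasswordAge=$($Policy.MaxPasswordAge) (must be 1-90 days)"
    }
    return $findings
}

# Fine-grained password policies (Get-ADFineGrainedPasswordPolicy -Filter *)
# override the default for the groups they apply to; check them the same way.
$findings = @(Test-PciPasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy))
if ($findings.Count -eq 0) { 'Default domain policy meets the PCI DSS 3 thresholds above.' }
else { $findings }
```

The configuration check complements the audit reports named above: the reports show who changed the policy and when, while this script confirms the resulting settings still meet the stated thresholds.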

8.2.6 Set passwords/phrases for first-time use and upon reset to a unique value for each user, and change immediately after the first use.

Report Mapping:
• Active Directory / User Reports -> User Modifications, User Status Modifications

How we help: By auditing all newly created accounts, logons and password changes we can help you verify that no violation is occurring.

8.5 Do not use group, shared, or generic IDs, passwords, or other authentication methods as follows:
• Generic user IDs are disabled or removed.
• Shared user IDs do not exist for system administration and other critical functions.
• Shared and generic user IDs are not used to administer any system components.

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• LepideAuditor For File Server / All Changes


10. Track and monitor all access to network resources and cardholder data


10.1 Implement audit trails to link all access to system components to each individual user.

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• Group Policy Object / Group Policy Modification Reports -> Group Policy Object Modified
• SQL Server / All Server Object Modifications / All Database Object Modifications
• LepideAuditor For File Server / All Changes

How we help: We provide detailed auditing of access to all the respective systems and users throughout Active Directory, File Servers and SQL Servers.

10.2 Implement automated audit trails for all system components to reconstruct the following events:
• 10.2.1 All individual user accesses to cardholder data
• 10.2.2 All actions taken by any individual with root or administrative privileges
• 10.2.4 Invalid logical access attempts

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• LepideAuditor For File Server / All Changes
• SQL Server / All Server Object Modifications, All Database Object Modifications

How we help: Changes to the system components made by individuals can be audited by Auditor; once the auditing criteria are defined, auditing takes place automatically. Audit trails can be generated for users of all types and privilege levels across any part of the IT environment. We also track and alert on failed access attempts, and audit all activities performed by users having administrative or any other privileges.


10.2.5 Use of and changes to identification and authentication mechanisms, including but not limited to creation of new accounts and elevation of privileges, and all changes, additions, or deletions to accounts with root or administrative privileges.

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• Exchange Server / Exchange Modification Reports -> MS Exchange Modification Reports -> All Modifications in Exchange Server
• LepideAuditor For File Server / All Changes
• SQL Server / All Server Object Modifications / All Database Object Modifications

How we help: All changes to user accounts and user permissions in Active Directory, Exchange Server, Group Policy, File System and SQL Server are logged as needed. We also audit all changes to all users, including those users having root or administrative permissions.

10.2.6 Initialization, stopping, or pausing of


10.2.7 Creation and deletion of system-level objects

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• LepideAuditor For File Server / All Changes
• SQL Server / All Server Object Modifications, All Database Object Modifications

How we help: LepideAuditor audits all modifications to critical files as specified, Active Directory objects, SQL Server and database objects (like tables, stored procedures etc.).


10.3 Record at least the following audit trail entries for all system components for each event:
• 10.3.1 User identification
• 10.3.2 Type of event
• 10.3.3 Date and time
• 10.3.4 Success or failure indication
• 10.3.5 Origination of event
• 10.3.6 Identity or name of affected data, system component, or resource.

Report Mapping:
• Active Directory / All Modification Reports -> Object Modifications
• Exchange Server / Exchange Modification Reports -> MS Exchange Modification Reports -> All Modifications in Exchange Server
• Group Policy Object / Group Policy Reports
• LepideAuditor For File Server / All Changes
• SharePoint / All SharePoint Modification Reports
• SQL Server / All Server Object Modifications / All Database Object Modifications

How we help: Changes made to the system components in Active Directory objects, Group Policy Objects, files and folders at the file system, SQL Server objects (like databases, tables, users etc.), SharePoint and Exchange Server objects are recorded. Audit reports can be generated that detail User


10.6 Review logs and security events for all system components to identify anomalies or suspicious activity.

Report Mapping:
• All Reports

How we help: The 'All Systems' audit report can be reviewed daily, weekly, monthly or as required. There is also an extensive list of preset reports, or the ability to build your own report as needed.

10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
