Securing mainframe environments is becoming an increasingly difficult task. The list of challenges that organizations must address continues to grow as security systems and networks increase in size and complexity. Acquisitions and mergers just complicate these issues. Most IT security departments today struggle to meet organizational demands, especially with limited staff resources and budgets.
Blue Turtle and Vanguard recognize that companies that suffer cardholder data breaches can no longer use positive audit results from a qualified security assessor (QSA) to protect them from penalties. New Payment Card Industry Data Security Standard (PCI DSS) requirements make it clear that all companies involved in payment card processing must prove compliance.
In the past, many companies labeled mainframe systems “out of scope” of PCI DSS assessments or designated them as compliant by default without showing any actual proof. Today many mainframe systems are clearly in scope and must be assessed for PCI DSS compliance.
Vanguard Integrity Professionals provides professional services and software to help companies meet PCI DSS requirements before a formal audit takes place.
The Vanguard Professional Services for PCI DSS is an efficient solution that includes pre-audit compliance assessment, penetration testing, compliance remediation, and implementation of new security services such as role-based access control and two-factor authentication.
Vanguard security and compliance software helps companies meet specific PCI DSS requirements by providing:
• Precise role-based and group-based access controls
• Continuous system monitoring
• Real-time intrusion detection
• Integration with leading SIEM tools
Pre-Audit Compliance Assessment
The Vanguard professional services team rigorously evaluates System z and RACF against all applicable PCI DSS requirements and delivers a final assessment report that includes details about all findings, severity rankings of each finding, remediation instructions, and guidance about how to maintain the system to ensure security and compliance.
Vanguard consultants review System z and RACF to identify vulnerabilities that least-privileged users can exploit to attain supervisor-level status, and provide a report with details on each vulnerability finding, guidance on how to remediate the system, and a plan and methodology for ongoing penetration testing.
Vanguard consultants apply their deep System z and RACF knowledge to remediate all PCI DSS security vulnerabilities and compliance violations, and transfer knowledge to internal security staff about changes made and requirements for maintaining compliance and security.
New Security Services Implementation
The Vanguard professional services team helps companies meet PCI DSS requirements by implementing new services such as role-based access control (RBAC) and two-factor authentication. For RBAC, Vanguard consultants apply their proven expertise to manage or oversee the implementation of access controls that ensure mainframe systems comply with PCI DSS role-based requirements. For two-factor authentication, Vanguard experts manage the deployment of physical and virtual tokens for personnel and third parties who access network resources remotely.
Security and Compliance Software for PCI DSS
Vanguard has a range of software that monitors, detects and reports on mainframe security and compliance problems to improve system integrity, verification, and auditing capabilities, and ensure compliance with PCI DSS and other industry and regulatory requirements. Blue Turtle’s chosen Vanguard software can help companies meet specific PCI DSS requirements by providing the following benefits:
• Precise role-based and group-based access controls to system and network resources
• Continuous monitoring of system log data and other information
• Automatic alerts of potential intrusions or weakening of security or compliance controls
• Real-time detection of intrusion threats within two seconds of occurrence
• Immediate corrective action to automatically prevent systems from being compromised
• Automated vulnerability assessment, risk identification and threat analysis
• Reports and instructions about how to fix identified problems
• Precise control over which commands security administrators can issue
• Two-factor authentication integrated with RACF using physical or virtual tokens
• Security and compliance best practices integrated into all software offerings
• Integration with leading SIEM tools