PCI DSS

The PCI DSS ensures that organizations that accept or process payment transactions incorporate a set of operational and technical requirements that help protect the safety of that data. The framework aims to prevent payment data security breaches and fraud in entities that possess cardholder data (CHD). This encompasses software developers and manufacturers of applications and devices used in those transactions.

 

 

How does it take form in Cloud Computing?

The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed, 12-requirement structure for securing cardholder data that is stored, processed and/or transmitted by merchants and other organizations.

| Goals | Requirement | Controls |
|---|---|---|
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data | 19 |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | 10 |
| Protect Cardholder Data | 3. Protect stored cardholder data | 19 |
| | 4. Encrypt transmission of cardholder data across open, public networks | 3 |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update anti-virus software or programs | 5 |
| | 6. Develop and maintain secure systems and applications | 25 |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know | 8 |
| | 8. Identify and authenticate access to system components | 21 |
| | 9. Restrict physical access to cardholder data | 20 |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | 28 |
| | 11. Regularly test security systems and processes | 12 |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel | 34 |

 

System components include network devices (both wired and wireless), servers and applications. Within PCI DSS, virtualization components are a subset of system components and comprise VMs, virtual switches/routers, appliances, applications/desktops, and hypervisors.

Even if a cloud service provider environment is vetted for certain PCI DSS requirements, this validation does not automatically apply to the customer environments within that cloud service.

 

 

Is Tata Communications PCI-DSS Compliant?

Tata Communications Ltd. (TCL) is a Service Provider focusing on Infrastructure as a Service (IaaS), where the hardware and network infrastructure is assessed.
TCL does not directly store, transmit or process any cardholder data (CHD) or sensitive authentication data (SAD); however, its customers may create or set up their own data environment, which can be considered a CDE, with the required tools and configuration to store, transmit or process cardholder data.

The processing, transmission, storage and protection of customers' data, including CHD, is not the responsibility of the entity, as the entity neither has authorization to access its customers' premises nor provides the PCI DSS required tools for customers to meet PCI DSS compliance.

The following services are covered as part of the infrastructure environment:

| NTP | AV | VPN | SysLog |
| Monitoring | DHCP | DNS | FIM |
| AD | Patch Management | VCenter | Proxy |

 
