PCI Compliance
In the latter part of 2009, the PCI Security Standards Council issued a set of new guidelines. This version, 1.2.1, brings clarity to a couple of previous gray areas.
The gray area for compliance was the use of a third party for payment processing. Of course, third parties were subject to the standards. The question was whether the organization performing the work or service and accepting payment via credit card would be exempt. It now clearly states that the requirements apply to “ALL SYSTEM COMPONENTS. SYSTEM COMPONENTS ARE DEFINED AS ANY NETWORK COMPONENT, SERVER, OR APPLICATION THAT IS INCLUDED IN OR CONNECTED TO THE CARDHOLDER DATA ENVIRONMENT. THE CARDHOLDER DATA ENVIRONMENT IS THAT PART OF THE NETWORK THAT POSSESSES CARDHOLDER DATA OR SENSITIVE AUTHENTICATION DATA. NETWORK COMPONENTS INCLUDE BUT ARE NOT LIMITED TO FIREWALLS, SWITCHES, ROUTERS, WIRELESS ACCESS POINTS, NETWORK APPLIANCES, AND OTHER SECURITY APPLIANCES. PCI COMPLIANCE ALSO IS REQUIRED IF THE PAN NUMBER TRANSITS ANY PART OF THE NETWORK.”
Barrier1, with its comprehensive inspection including Web Application Firewall, is PCI compliant. In addition, Barrier1 includes one complete network vulnerability assessment with yearly licensing and support renewals.