PCI Compliance for Cloud Infrastructure

Protect Payment Cardholder Data

PCI Compliance for Organizations in the Cloud

If your organization accepts or processes payment cards, you must comply with the PCI Data Security Standards (PCI). PCI is organized into 6 high-level goals mapped to 12 requirements, based on security best practices, that address the technical and operational components connected to cardholder data.

While all 6 goals are important for overall PCI compliance, the following 4 goals and 7 requirements are the most relevant for organizations in the cloud.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data

 

Read more about the PCI goals and requirements here.
 

How Fugue Helps with PCI Compliance

Detect Compliance Violations

Fugue continuously evaluates your cloud environments for PCI compliance violations with predefined rules mapped to PCI compliance controls. If a resource is determined to be non-compliant, an alert is sent to notify the compliance team. The compliance team can then determine whether to correct the non-compliant resource, setting an established baseline for future enforcement.

Enforce Baselines with Codeless Auto-Remediation

Fugue utilizes baselines to auto-remediate and correct compliance violations via self-healing. With baseline enforcement, misconfiguration is automatically corrected back to the PCI-compliant baseline without writing automation scripts.

Report on Compliance Posture

Fugue makes it easy to report on your PCI compliance posture. Detailed reports, dashboards, and visualizations are available to track and monitor your cloud resources. Daily or weekly reports highlighting compliant and non-compliant resources can be emailed to executives or auditors to show proof of compliance.

PCI Compliance with Fugue

Schedule a demo to see how Fugue can help your organization ensure that your infrastructure configurations are PCI compliant.
