Tenable Provides Continuous Monitoring for Adherence to PCI Security Controls
All businesses that are involved in the transmission, processing, or storage of payment card data, including third party service providers that may impact the security of the data, are required by the major credit card companies to adhere to the requirements set forth in the PCI DSS and demonstrate ongoing compliance on an annual basis.
Tenable offers a variety of solutions that help your company meet certain PCI DSS requirements, monitor your cardholder data environment to maintain a secure and compliant state, assure that critical security processes are followed, and provide evidence of compliance for annual validation assessments. Tenable's continuous monitoring capabilities enable entities to track the "Business as Usual" activities stipulated in the latest version of the PCI DSS.
SecurityCenter CV: Maintain Ongoing Compliance
Tenable SecurityCenter Continuous View™ (SecurityCenter CV™) is the only comprehensive vulnerability, threat and compliance management platform that alleviates the time-consuming process of forensic analysis and threat or incident response. SecurityCenter CV incorporates unlimited Nessus® and Passive Vulnerability Scanner™ (PVS™), and the Log Correlation Engine™ (LCE™) in one platform.
Meet: Use SecurityCenter CV to continuously detect the presence of malware and malicious programs in your environment. It provides secure log normalization, aggregation and storage, and daily reviews.
Drive: Use SecurityCenter CV to continuously monitor and discover new devices and virtual systems on the network that may impact the security of your cardholder data environment.
Guard: Use SecurityCenter CV to identify PCI-relevant assets and to focus vulnerability scans on those assets. It creates a single view of risk exposure that includes Internet-facing web application vulnerabilities.
Prove: The SecurityCenter CV platform offers continuous monitoring and centralized intelligence for maintaining and demonstrating an ongoing posture of adherence to the PCI DSS standards.
PVS: Enforce your Cardholder Data Environment
Passive Vulnerability Scanner™ (PVS™) provides continuous scanning of network security supported by pre-configured scanning scripts (“plug-ins”) and the ability to customize plug-ins for an organization's unique scanning requirements. Continuous scanning provides real-time analysis of the state of an organization's security. PVS is available as an individual product subscription or as an integrated component of SecurityCenter CV.
Drive: Use PVS to detect internal data flows where cardholder data is involved. Of particular concern are undocumented processes not included in the scoping of the cardholder data environment for adhering to PCI DSS requirements.
Guard: PVS detects unprotected transmissions of Primary Account Numbers (PANs) outbound from the network or cardholder data environment.
Nessus Enterprise Cloud: Meet ASV Scan Requirements
Tenable's Nessus Enterprise Cloud provides quarterly external network scans to fulfill PCI external scanning requirements for all merchants and service providers. Nessus Enterprise Cloud is a PCI-Certified Approved Scanning Vendor (ASV) solution.
Meet: Use Nessus Enterprise Cloud to perform official PCI ASV scans and submit them for quarterly validation and attestation. Nessus Enterprise Cloud may also be used to protect public-facing web applications by providing automated application vulnerability security assessments on a periodic basis or after any changes are made to the web application.
Prove: Tenable’s PCI-certified professionals will review up to 2 PCI ASV scans per calendar quarter and upon approval will provide detailed and executive summary findings reports and the required Attestation of Compliance form.
Nessus: Meet PCI Requirements
Meet: Use Nessus to meet all PCI DSS internal scanning requirements. Nessus also tests web applications for secure coding to OWASP specifications and performs web application vulnerability assessments.
Drive: Use Nessus to baseline your in-scope systems for initial PCI compliance activities. Perform configuration and compliance audits to determine whether systems are adhering to build standards, hardening guides, access controls, user account management, and are current with anti-virus/anti-malware and patch protections.
Guard: Nessus identifies sensitive data subject to PCI compliance requirements such as credit or debit primary account numbers. Nessus performs these searches without an agent and only requires valid credentials to scan a remote computer. Identify and validate your cardholder data environment based on these results.
Prove: Nessus results can be used during the PCI compliance assessment to demonstrate periodic and ongoing processes were maintained throughout the assessment period as required by numerous PCI DSS requirements.
"Straight Talk about PCI" - the PCI Discussion Forum
Tenable hosts a discussion forum devoted to PCI called "Straight Talk about PCI". This forum is a “safe” place where you can ask questions related to any and all aspects of PCI. The Forum is intended to be a resource for accurate information regarding the PCI Data Security Standards, particularly in the areas of defining terminology, scoping your cardholder data environment, properly navigating the compliance process, and providing interpretation, guidance, and advice on the best ways to satisfy the PCI compliance validation requirements faced by your organization. The PCI Discussion Forum is moderated by Tenable’s resident PCI subject matter expert who shares insights and lessons-learned from nearly ten years of experience as a Qualified Security Assessor (QSA). The forum allows our PCI Expert to share extensive knowledge and experience with the larger segment of the PCI Community that does not ordinarily have access to QSA experiences or insights.