The PCI DSS ensures that organizations that accept or process payment transactions incorporate a set of operational and technical requirements that help protect the safety of that data. The framework aims to prevent payment data security breaches and fraud in entities that possess cardholder data (CHD). This encompasses software developers and manufacturers of applications and devices used in those transactions.

 

 

How does it take form in Cloud Computing?

The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed structure of 12 requirements for securing cardholder data that is stored, processed and/or transmitted by merchants and other organizations.

| Goals | Requirement | Controls |
| --- | --- | --- |
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data | 19 |
| Build and Maintain a Secure Network and Systems | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | 10 |
| Protect Cardholder Data | 3. Protect stored cardholder data | 19 |
| Protect Cardholder Data | 4. Encrypt transmission of cardholder data across open, public networks | 3 |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update anti-virus software or programs | 5 |
| Maintain a Vulnerability Management Program | 6. Develop and maintain secure systems and applications | 25 |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know | 8 |
| Implement Strong Access Control Measures | 8. Identify and authenticate access to system components | 21 |
| Implement Strong Access Control Measures | 9. Restrict physical access to cardholder data | 20 |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | 28 |
| Regularly Monitor and Test Networks | 11. Regularly test security systems and processes | 12 |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel | 34 |

 

System components include network devices (both wired and wireless), servers and applications. Within PCI DSS, virtualization components are a subset of system components and comprise VMs, virtual switches/routers, appliances, applications/desktops, and hypervisors.

Even if a cloud service provider environment is vetted for certain PCI DSS requirements, this validation does not automatically apply to the customer environments within that cloud service.

 

 

Is Tata Communications PCI-DSS Compliant?

Tata Communications Ltd. (TCL) is a service provider focusing on Infrastructure as a Service (IaaS), where the hardware and network infrastructure is assessed.
TCL does not directly store, transmit or process any cardholder data (CHD) or sensitive authentication data (SAD). However, its customers may create or set up their own data environment, with the required tools and configuration, that can store, transmit or process cardholder data; such an environment can be considered a cardholder data environment (CDE).

The processing, transmission, storage and protection of customers' data, including CHD, is not the responsibility of the entity: the entity has no authorization to access its customers' premises, nor does it provide the tools customers require to meet PCI DSS compliance.

The following services are covered as part of the infrastructure environment:

NTP, AV, VPN, SysLog, Monitoring, DHCP, DNS, FIM, AD, Patch Management, VCenter, Proxy

 
