PCI DSS compliance requires organisations to perform regular audits of their network environments to ensure that cardholder data is always protected. PCI compliance audits take place at 6 month intervals, but the preparation work for IT managers, PCI compliance managers and internal auditors often begins many weeks in advance.

Restorepoint helps customers dramatically shorten audit cycles and demonstrate PCI DSS compliance by implementing automated processes and PCI DSS compliance checks across network and security devices including routers, switches and firewalls. The PCI Data Security Standard specifies 12 requirements, and by using Restorepoint, organisations are able to meet the following PCI DSS requirements.


PCI DSS Requirements and the Benefits of Using Restorepoint
  1. 1.1 Establish and implement firewall and router configuration standards.

    Restorepoint enables you to standardise network configurations and to detect and track changes since the last audit using configuration baselines. Checks are performed at the point of your scheduled configuration backup, and alerts are sent if required.
  2. 1.2 Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.

    Using Restorepoint compliance policies, you can quickly assess if devices are configured to allow untrusted connections or protocols. Checks are performed every time a configuration backup is taken, and alerts can be sent to highlight a PCI violation.
  3. 1.2.2 Secure and synchronise router configuration files.

    Restorepoint secures configurations using AES encryption to protect the sensitive data that network configurations contain, such as passwords and IP addresses. Restorepoint can also check whether a device no longer meets an approved baseline or build.
  4. 1.2.3 Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.

    Using Restorepoint compliance policies, you can quickly assess if devices are configured to allow untrusted connections or protocols. Checks are performed every time a configuration backup is taken, and alerts can be sent to highlight a PCI violation.
  5. 1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment.

    Using Restorepoint compliance policies, you can quickly assess if devices are configured to allow untrusted connections or protocols. Checks are performed every time a configuration backup is taken, and alerts can be sent to highlight a PCI violation.
  6. 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.

    Restorepoint automatically detects the use of default vendor/manufacturer passwords. Passwords can be regularly updated in bulk using our Device Control feature. Furthermore, password policies can be used to ensure that devices conform with your password standards for strength/length.
  7. 2.4 Maintain an inventory of system components that are in scope for PCI DSS.

    Restorepoint's customisable Asset Management functionality acts as a live network inventory, allowing you to track device IP addresses, locations, firmware revisions, network interfaces, licenses and more.
  8. 2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties.

    Restorepoint can store any vendor documentation and PCI policies so that it is easily available to the users who need it.
  9. 8.2.3 PCI DSS Password Requirements - Passwords/passphrases must meet the following:
    - Require a minimum length of at least seven characters.
    - Contain both numeric and alphabetic characters.

    Restorepoint's password policies can be applied to devices to ensure that they conform to company policy and that PCI DSS password requirements regarding the use of strong passwords are met.
  10. 8.2.4 PCI DSS Password Requirements - Change user passwords/passphrases at least once every 90 days.

    Passwords can be regularly updated in bulk using our Device Control feature, simplifying compliance with PCI DSS password requirements and saving administrators valuable time. Restorepoint manages bulk changes quickly, and provides visibility of the changes as they're performed.
  11. 10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup)

    Restorepoint enables customers to retain multiple versions of their network configurations using customisable schedules for disaster recovery and auditing. Configuration versions can be compared to highlight changes and baseline differences, and restored in seconds if needed.
  12. 10.8 Additional requirement for service providers only: Implement a process for the timely detection and reporting of failures of critical security control systems

    Restorepoint is used by many service providers to manage the configuration backup, compliance and device monitoring of customer devices.
  13. 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

    Restorepoint performs change detection at the point of backup, allowing you to detect whether devices have been altered, meet PCI DSS compliance requirements or no longer meet approved baselines.