Now’s the time to deploy unified identity management across Windows, Linux, and Unix systems.

Version 3.1 of the Payment Card Industry Data Security Standard (PCI DSS) expired on October 31, 2016. While companies are advised to adopt Version 3.2 as soon as possible, they technically have until Feb. 1, 2018 to implement the changes. Smart companies will take this time to get in front of new PCI regulations by deploying unified identity management across Windows, Linux, and Unix systems.

PCI DSS 3.2 consists of 12 requirements spread across six domains. Since the standard is primarily concerned with protecting cardholder data, these requirements focus on user access to the servers that host this data or through which PCI data passes.

Fortunately, a robust unified identity management solution can help organizations meet most of the requirements. Such a solution not only provides security controls to manage and constrain privileged user access to PCI DSS systems and data, but also helps reduce PCI scope and bolster mechanisms in anticipation of future PCI DSS changes.

PCI DSS Requirement 1.2 requires firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. A unified identity management solution can help organizations meet this requirement through Group Policy-based enforcement of an iptables-based firewall. By using this policy, administrators can restrict inbound traffic to specific ports from specific IP addresses.

But it doesn’t stop there. Organizations can apply additional protections for the server by deploying a solution that also requires authentication before any communication. This can be applied to both inbound and outbound communications to ensure that PCI systems are only able to communicate with other PCI systems. This not only reduces the potential scope of compliance but also adds a layer of protection that the PCI Security Standards Council could later require.

Let’s look at another example. Requirement 2.3 requires organizations to encrypt all non-console administrative access using strong cryptography. Telnet is used on many systems, but it isn’t secure and should be replaced with SSH. Newer versions of OpenSSH support Kerberos for user authentication. When organizations combine OpenSSH with a unified identity management solution, they eliminate the need to manage static SSH keys. This not only reduces operational overhead but also reduces the risk of user error. Furthermore, some identity management providers provide a compiled and easy-to-install version of the latest OpenSSH, ensuring consistency across all systems as well as the highest levels of security.

Finally, a unified identity management solution can enable secure remote access without a VPN. While VPN traffic can be secure, it introduces other risks by allowing remote users broader access beyond the server they need to log in to. By selectively establishing a remote session with a discrete resource, organizations reduce the scope of PCI compliance and improve on the PCI DSS’s baseline requirement.

These are only a few examples of how a unified identity management approach can help organizations get ahead of PCI DSS compliance. To learn more, download the white paper, Becoming PCI DSS Compliant.
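
The Requirement 2.3 point above, OpenSSH authenticating with Kerberos instead of static SSH keys, can be checked on each host. The shell audit below is an added example, not part of the original article or of any vendor's product; it assumes a policy in which `GSSAPIAuthentication` is enabled and `PubkeyAuthentication` is disabled, and both sample configs are constructed.

```shell
#!/bin/sh
# Print the effective global value of an sshd_config keyword, or the OpenSSH
# default passed as $3. sshd honors the first occurrence of a keyword and
# treats keywords case-insensitively. Simplification (assumption): parsing
# stops at the first Match block and Include files are not followed.
sshd_value() {   # $1 = config file, $2 = keyword, $3 = default
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }
                                    { sub(/[ \t]*=[ \t]*/, " ") }  # "Key=val" form
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if Kerberos (GSSAPI) logins are on and static keys are off.
audit_sshd_config() {
    cfg=$1; rc=0
    gss=$(sshd_value "$cfg" GSSAPIAuthentication no)   # OpenSSH default: no
    pub=$(sshd_value "$cfg" PubkeyAuthentication yes)  # OpenSSH default: yes
    if [ "$gss" != yes ]; then
        echo "FAIL: GSSAPIAuthentication=$gss (Kerberos tickets not accepted)"; rc=1
    fi
    if [ "$pub" != no ]; then
        echo "FAIL: PubkeyAuthentication=$pub (authorized_keys still honored)"; rc=1
    fi
    grep -qi '^[[:space:]]*match[[:space:]]' "$cfg" &&
        echo "NOTE: Match blocks present; review their overrides by hand"
    [ "$rc" -eq 0 ] && echo "PASS: Kerberos logins on, static keys off"
    return "$rc"
}

# Constructed sample configs (not taken from any real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak" <<'EOF'
# relies on per-user authorized_keys files
PubkeyAuthentication yes
EOF
cat > "$demo_dir/kerberized" <<'EOF'
gssapiauthentication yes
PubkeyAuthentication = no
EOF
audit_sshd_config "$demo_dir/weak" || true
audit_sshd_config "$demo_dir/kerberized"
```

On a real host, point `audit_sshd_config` at the server's own `sshd_config`; the `Match` note marks configurations this simplified parser cannot fully judge.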