LOS ANGELES, CA--(Marketwired - Jan 31, 2017) - Lieberman Software Corporation announced that its Privileged Identity Management solution -- Enterprise Random Password Manager™ (ERPM) -- can help organizations meet the privileged access control requirements of PCI-DSS 3.2.
The Payment Card Industry Data Security Standard (PCI-DSS) was developed to strengthen controls over credit card data and reduce cardholder fraud. PCI-DSS 3.1 expired in the fall. Now the new PCI-DSS 3.2 regulations are going into effect. Failure to comply with this mandate can result in expensive fines and the loss of access to crediting agencies.
PCI-DSS stipulates stringent requirements around tracking, securing and auditing the use of privileged identities. It sets minimum requirements for the discovery of privileged accounts on hardware and software assets. PCI-DSS also establishes restrictions on user access, account separation, auditing, password strength and password reuse.
ERPM helps customers achieve these control and auditing requirements. The product automatically discovers privileged accounts throughout the cross-platform enterprise. It provides each account with unique and frequently rotating credentials. ERPM also generates an authoritative audit trail that shows who had access to each privileged account, when and for what purpose. This information can be provided to security auditors to verify compliance with PCI-DSS.
"The PCI standard requires 90-day password changes and attestation is done annually, but we believe this minimum is too dangerous and lax," said Philip Lieberman, President and CEO of Lieberman Software. "With ERPM, passwords can be automatically changed every few hours without outages. We minimize nesting time by limiting all password ages as appropriate for the risk profile of the customer. This technology defeats memory scrapers, Kerberos Gold Key exploits, persistent lateral movement and allows daily attestation of compliance. The best part is that IT staff do not have to waste time changing passwords for sensitive systems. It is all automated."
What's New in PCI-DSS 3.2?
The new PCI-DSS 3.2 maintains all the privileged access security requirements from previous versions, but also adds rules for:
- Ensuring security controls are in place following a change in the cardholder data environment
- Detecting and reporting on failures of critical security control systems, and
- Confirming that personnel are following security policies and operational procedures
ERPM provides privileged access security controls that directly address each of these new directives.
"Taking the good advice PCI is giving and aligning it with the best practice application of ERPM was actually pretty easy," said Jonathan Sander, Vice President of Product Strategy at Lieberman Software. "Since both have the best results in mind, and both seem to take the most direct approach to it, they mapped to each other quite naturally."
Learn More About Complying with PCI-DSS 3.2
For more information on how ERPM helps organizations with the new PCI-DSS mandates, download the solution brief "How Privilege Management Helps Meet PCI DSS Compliance" at https://liebsoft.com/products/enterprise_random_password_manager/resources/white-papers/meeting-pci-dss-3-2-compliance-privilege-management/.
The solution brief provides a step-by-step correlation between PCI-DSS 3.2 requirements and ERPM.
About Lieberman Software Corporation
Lieberman Software blocks cyber attacks that bypass conventional enterprise defenses and penetrate the network perimeter. The company provides award-winning privileged identity management and security management products. By automatically securing privileged access -- both on-premises and in the cloud -- Lieberman Software controls access to systems with sensitive data, and defends against malicious insiders, zero day attacks and other advanced cyber threats. For more information, visit www.liebsoft.com or follow us on Twitter @liebsoft.