Compliance Reports and Alerts Overview

Log data allows organizations to manage the challenge of achieving and maintaining PCI compliance. TIBCO LogLogic’s compliance reports and alerts generally fall into the following categories:

  • Security and Threat Management
  • Change and Configuration Management
  • Identity and Access Management
  • Monitoring and Reporting

Security and Threat Management

The TIBCO LogLogic® Compliance Suite - PCI Edition includes reports and alerts to show that all network security devices have been configured appropriately to allow only the requested and approved traffic in and out of the network. These devices include firewalls, which control traffic into a company’s network, and intrusion detection systems, which monitor that traffic.

Non-compliance in this area may result in unauthorized access from the Internet. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network and are featured prominently in the PCI DSS.

Change and Configuration Management

The TIBCO LogLogic® Compliance Suite - PCI Edition includes reports and alerts to show that all system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation in the production environment.

Non-compliance in this area may result in unauthorized changes and/or improper roll-out of new source code to key systems. This may negatively impact the confidentiality, integrity, and availability of cardholder information.

Identity and Access Management

The TIBCO LogLogic® Compliance Suite - PCI Edition includes reports and alerts to show that all PCI-related systems (i.e., networks, applications, and databases) are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data, and that the division of roles and responsibilities has been implemented to reduce the possibility of a single individual subverting a critical process. Management needs to ensure that personnel are performing only authorized duties relevant to their respective jobs and positions.

Non-compliance may result in unauthorized or inappropriate access to key systems, which may negatively impact the confidentiality, integrity, and availability of cardholder information.

Monitoring and Reporting

The TIBCO LogLogic® Compliance Suite - PCI Edition includes reports and alerts to allow customers to continuously monitor the IT infrastructure for security violations and other anomalies. Reports are provided in a format meaningful to stakeholders. The monitoring statistics should be analyzed and acted upon to identify trends for individual systems and the overall PCI environment.

Non-compliance in this area could significantly impact service availability as well as the security of the IT infrastructure.