How PolicyCortex Ensures PCI DSS 4.0 Compliance in the Cloud
Complete Payment Card Industry Data Security Standard (PCI DSS 4.0) compliance with automated cardholder data protection, network security monitoring, and continuous vulnerability management.
PCI DSS Quick Start Guide: Install & Configure PolicyCortex
PCI DSS 4.0 Requirements
Cardholder Data Protection
PolicyCortex provides comprehensive PCI DSS 4.0 compliance with automated data discovery, network segmentation validation, and continuous security monitoring for payment card environments.
Build & Maintain Secure Network
- Req 1: Install and maintain network security controls
- Req 2: Apply secure configurations to all system components
- Network segmentation validation
- Firewall rule management
- Default password remediation
Protect Cardholder Data
- Req 3: Protect stored account data
- Req 4: Protect account data with strong cryptography
- Data discovery and classification
- Encryption key management
- Secure data transmission
Automated Data Discovery
Cardholder Data Environment (CDE) Mapping
Automatically discover and classify cardholder data across your entire infrastructure with continuous monitoring for data flow changes and storage locations.
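As an added illustration of the regex-pattern discovery method and the masking rules in the configuration that follows (example code written for this page, not PolicyCortex's own): candidate PANs are matched by pattern, confirmed with a Luhn check so look-alike digit runs such as tracking numbers are not classified as cardholder data, and reported only in the masked display format. The sample records, function names and the `*` truncation marker are constructed assumptions.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample records (not real cardholder data): card-brand test
# numbers plus look-alike digit strings that must NOT be classified as PANs.
SAMPLE_RECORDS = [
    "order=8812 card=4111 1111 1111 1111 exp=12/27",
    "refund to 5500-0000-0000-0004 issued",
    "tracking 1234567890123456 shipped",          # fails Luhn: not a PAN
    "phone +1 415 555 0100, no card data here",   # too few digits
]


def luhn_ok(digits: str) -> bool:
    """ISO/IEC 7812 Luhn check; rejects most digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the normalized (digits-only) PANs found in text, regex match + Luhn confirmation."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def display_mask(digits: str) -> str:
    """pan_display_format: show only the last four digits, e.g. XXXX-XXXX-XXXX-1234."""
    masked = "X" * (len(digits) - 4) + digits[-4:]
    return "-".join(masked[i:i + 4] for i in range(0, len(masked), 4))


def truncate_first6_last4(digits: str) -> str:
    """truncation_rules first_6_last_4: keep the BIN and last four, drop the middle digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_records(records: list[str]) -> dict[str, list[str]]:
    """Classify records; the report holds only masked values so it is not itself CDE data."""
    report = {}
    for rec in records:
        pans = find_pans(rec)
        if pans:
            report[rec] = [display_mask(p) for p in pans]
    return report
```

Running `scan_records(SAMPLE_RECORDS)` flags the two records containing valid test PANs and leaves the tracking and phone numbers unflagged.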
# PCI DSS Data Discovery & Classification
pci_data_discovery:
  scan_frequency: "daily"
  data_types:
    - primary_account_number  # PAN
    - cardholder_name
    - expiration_date
    - service_code
    - magnetic_stripe_data
    - cvv_cvc_data
  discovery_methods:
    - regex_patterns
    - machine_learning
    - structured_data_analysis
    - network_traffic_analysis
  environments:
    cardholder_data_environment:
      scope: ["web_servers", "database_servers", "payment_apps"]
      network_segments: ["10.1.0.0/24", "10.2.0.0/24"]
    connected_to_cde:
      scope: ["jump_hosts", "management_servers"]
      monitoring: "enhanced"
  data_protection:
    encryption:
      algorithm: "AES-256"
      key_management: "hardware_security_module"
    masking:
      pan_display_format: "XXXX-XXXX-XXXX-1234"
      truncation_rules: "first_6_last_4"

Access Control & Authentication
Requirements 7 & 8: Access Control
Implement role-based access control with multi-factor authentication and continuous access monitoring for all cardholder data environment components.
Access Restrictions
Authentication
Network Security Monitoring
Continuous monitoring of network traffic, intrusion detection, and file integrity monitoring to detect unauthorized access attempts and data breaches.
{
  "network_security": {
    "requirement_10": {
      "logging_events": [
        "user_access_to_cardholder_data",
        "admin_actions",
        "access_to_audit_trails",
        "invalid_logical_access",
        "use_of_identification_mechanisms",
        "initialization_of_audit_logs",
        "creation_deletion_system_accounts"
      ],
      "log_retention": "1_year_minimum",
      "log_protection": "encrypted_tamper_evident"
    },
    "requirement_11": {
      "vulnerability_scanning": {
        "internal_scans": "quarterly",
        "external_scans": "quarterly_asv",
        "penetration_testing": "annual"
      },
      "intrusion_detection": {
        "network_ids": "enabled",
        "host_ids": "enabled",
        "file_integrity_monitoring": "critical_files"
      },
      "wireless_monitoring": {
        "quarterly_scans": true,
        "authorized_access_points": "inventory_maintained",
        "rogue_detection": "automated"
      }
    }
  }
}

PCI Compliance Dashboard
Real-Time Compliance Status
Monitor your PCI DSS compliance posture with automated assessment of controls, vulnerability management, and audit preparation capabilities.