Compliance Solutions
How IS Decisions can help you address
PCI DSS compliance to keep sensitive cardholder data safe

Organisations worldwide are regulated by the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS applies to all businesses that handle payment card data and follows common sense steps that mirror best security practices.

As is the case with other financial services compliance - SOX, GLBA, and the FCA, PCI DSS has separate requirements relating to access security, which if you fail to adhere to, you risk non-compliance and cyber attack.

Which is why, we have compiled a helpful checklist of ways in which UserLock and FileAudit can help you address both users network access security and file access security. The list is by no means exhaustive, but will help you on your way to becoming PCI DSS compliant and keeping sensitive cardholder data safe.


Become PCI DSS compliant

Learn more

How UserLock and File Audit can help your organisation become PCI DSS compliant

PCI DSS Requirement 7: Restrict access to cardholder data by business know how

"To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need-to-know and according to job responsibilities. Need to know is when access rights are granted to only the least amount of data and privileges needed to perform a job."

Do you restrict network access on a job-role basis?
Logo UserLock

Enables the administrator to set granular access rights to different types of employees to ensure that they can only access the information they need to do their job.

Do you review network access for employees who change roles in the organisation?
Logo UserLock

Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.

Do workstations automatically log users off the network following a period of inactivity?
Logo UserLock

Automatically logs off a session after a specific length of idle time to prevent unauthorised users accessing sensitive information from unattended workstations. What’s more UserLock can set authorised timeframes for certain users’ access and force workstations to log off outside these hours.

PCI DSS Condition 8:
Assign a unique ID to each person
with computer access

"Assigning a unique identification (ID) to each person with access ensures their actions taken on critical data and systems and performed by, and can be traced to, known and authorized users."

Do you adopt multi-factor authentication (MFA) as per requirement 8.3?

Makes access controls more robust and enhances their effectiveness to verify a user's identity.

Do your employees need to log in to access your network and do they do so with unique login credentials?
Logo UserLock

Ensures that nobody can log in to the system without uniquely identifiable credentials.

Do you restrict users from sharing logins?
Logo UserLock

Prevents concurrent logins with the same set of user credentials — helping to eradicate dangerous password sharing practices and stop unauthorized access.

Can you attribute actions on the network to individual users?
Logo UserLock

Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.

Do you enforce the secure use of passwords?
Logo UserLock

Strengthens unique network login credentials with context-aware access restrictions and user reminders, which help verify that a person seeking access to the network and the information within is genuinely who they say they are.

PCI DSS Condition 10:
Track and monitor all access to network resources and cardholder data

"Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting, and analysis when something does go wrong. Determining the cause of a compromise is very difficult, if not impossible, without system activity logs."

Do you monitor access to the network?
Logo UserLock

Monitors all logon and logoff activity in real time to ensure that the only people who can access the network and vital data within, are the people who need to. UserLock alerts administrators to any suspicious, disruptive or unusual logins based on time, location and device.

Do you monitor specific actions on files or folders, like copying, moving and deleting?
Logo FileAudit

Monitors all files and folders in real time on your network and records all actions that users take when making modifications. It verifies that users have not altered or destroyed customer information or other sensitive data in an unauthorised manner.

Do you conduct regular security audits or reports?
Logo UserLock

Records and audits all network logon events, across all session types, from a central system.

Logo FileAudit

Audits all access and changes to files and folders, and immediately alerts administrators to suspicious behaviour.

Find out more for yourself with our FREE Fully Functional Trials

Download UserLock Download FileAudit