PCI - User and Device Identity
Implementing an automated, role-based access control system is now a required element of all PCI DSS-compliant systems. Avenda's integrated identity and policy management capabilities enable role and device control to be easily added to any existing network.
Users and Roles
Role-based access control starts with the identification of all organizational roles and associated users. Per PCI DSS, a "role" is the assignment of privileges based on individual personnel's job classification and function. Role definitions must be precise enough to restrict access rights for privileged user IDs to the least privileges necessary to perform job responsibilities. (Requirements 7.1.1 and 7.1.2)
Avenda's eTIPS platform provides the unique ability to access, read and combine attributes (role, department, group, etc.) from multiple identity stores (Active Directory, LDAP, SQL, and Token Server), which eliminates the need to create and administer duplicate identity databases.
Devices
For devices like PCs and laptops, PCI DSS requires that anti-virus software be deployed that is capable of detecting, removing and protecting against all known types of malicious software, and that all anti-virus mechanisms are current, actively running and capable of generating audit logs. (Requirements 5.1, 5.1.1 and 5.2)
Avenda provides the ability to use Microsoft NAP or Avenda persistent and dissolvable agents to enable comprehensive posture assessment of Windows, Linux, and Mac OS X endpoints. This information is used to determine the integrity of the endpoint and the status of anti-virus, anti-spyware and firewall, and to grant network access appropriately to authorized users and endpoints.



