PCI-DSSv4.0 Audit Summary (Explore)

The Payment Card Industry Security Standards Council (PCI SSC) maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe. The PCI SSC provides technical and operational requirements for organizations accepting or processing payment transactions. The guidance also applies to software developers and manufacturers of applications and devices used in those transactions. The Payment Card Industry Data Security Standard (PCI DSS) helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. 

The standards have historically been revised on a 2-3 year cycle, but the PCI SSC is transitioning to a posture of revising the PCI DSS as required based on changes to the current threat landscape. This dashboard provides organizations with information which specifically measures against the compliance standards related to the PCI DSS.  The PCI DSS security standard was formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International, and American Express and governed by the Payment Card Industry Security Standards Council (PCI SSC).  

While the PCI SSC has no legal authority to compel compliance, the goal is to secure credit and debit card transactions against theft.  However, compliance with the PCI DSS standard is a requirement for any business that processes credit or debit card transactions.  This dashboard references controls contained in PCI DSS v4.0, which was released in Q1 of 2022.  Version 4.0 contains several updates to the previous version, some examples are updates to multi-factor authentication and password requirements, assigned roles and responsibilities, allowance of group, shared, and generic accounts, and more. 

Tenable provides several solutions for organizations to better understand vulnerability management. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management (formerly Tenable.io) discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this dashboard are: Tenable Vulnerability Management.

Widgets: 

• Framework Result Summary: This widget provides compliance results (Passed, Warning, Error, Failed) results related to PCI DSS 4.0.
• Control Summary: This widget provides compliance results for each control family within the compliance standard. 
• Audit Check Type Summary: This widget provides compliance results for Windows and Unix hosts within the compliance standard. 
• Build and Maintain a Secure Network and Systems: This widget provides details on each of the compliance controls for the compliance family group being referenced.
• Implement Strong Access Control Measures: This widget provides details on each of the compliance controls for the compliance family group being referenced.
• Maintain a Vulnerability Management Program: This widget provides details on each of the compliance controls for the compliance family group being referenced.
• Protect Account Data: This widget provides details on each of the compliance controls for the compliance family group being referenced.
• Regularly Monitor and Test Networks: This widget provides details on each of the compliance controls for the compliance family group being referenced.