Using the user, group and role-based management features of payment and business applications that accept cardholder data or sensitive authentication data is not enough to secure your data and ensure compliance with PCI DSS requirements.
The set of system components that make up your cardholder data environment (CDE) comprises not only point of sale systems and the primary business applications that capture sales transaction information, but also logically accessible support systems such as file servers, mail servers, backup servers, and network devices. The CDE scope extends to underlying platforms, including databases, operating systems, hypervisors and VM hosts. These system components, as defined in the DSS, will be an aggregate from multiple business facilities when the storage, processing or transmission of cardholder data is not limited to a single facility or location
One Identity solutions enable you to consolidate multiple user identities to establish unique user accounts across disparate platforms, establish access policies, manage user entitlements, monitor for data access policy violations and maintain related history across all CDE system components that lack access management, thereby filling a fundamental security gap in traditionally weak infrastructure controls. While these solutions will not replace your network monitoring tools, when regularly used as part of an information system security program, they can greatly reduce a host of unauthorized access and system changes thus preventing numerous policy violations before they happen.