The controls used in the cardholder data environment (CDE) and the risks considered during the CDE scoping effort, such as all possible user access to account data (CHD and SAD), the DSS points them to consider whether the organization identified “all locations and flows of cardholder data, and identify all systems that are connected to or, if compromised, could impact the CDE (for example, authentication servers) to ensure they are included in the PCI DSS scope.” For a proper controls reliance strategy, organizations need to unify user identities across all applications granting access to account data and application based security features with access controls that protect the entire environment subject to compliance regulations. And given the complexity of those regulations and the ever-changing threat landscape, organizations need to simplify identity governance and reduce risks related to user privileges.
One Identity solutions automate many of the network, system, and business application user governance requirements required by today’s IT security mandates while also providing foundational IT security measures. Specifically, we achieve such governance by:
- Consolidating and unifying user identities across the enterprise
- Automating the enforcement of access management, including requests, reviews, approvals, denials, attestations and revocations
- Identifying risk factors to track users with access to account data and assign risk levels based on risk criteria: e.g. days in current role (without role change) and policy violation history
- Responding to management and audit inquiries with reports that demonstrate historical compliance with many information security policies and procedures
- Monitoring and reporting on active and historical privileges granted, including those with reporting period, system clock or time stamp edit privileges during sensitive time periods or outside the course of normal business operations
- Substantiating evidence of policy violations such as those involving conflicts of interest
