Why Airlock Digital : Compliance

Streamline PCI-DSS Compliance with Airlock Digital

Strengthen payment card security with proactive endpoint protection 
The Payment Card Industry Data Security Standard (PCI-DSS) requires organizations handling payment card data to implement robust security controls to protect sensitive information. Airlock Digital supports organizations in meeting their PCI-DSS compliance obligations with advanced application control and allowlisting. By enforcing a Deny by Default security model at the file-level, Airlock Digital enables the proactive security organizations need to safeguard cardholder data and maintain compliance. 
Proactive Risk Mitigation
Block unauthorized software and malware from compromising cardholder data.
Streamlined Compliance
Simplify audits and meet regulatory requirements with detailed logs and reports. 
Secure Legacy Systems
Protect payment systems running legacy operating systems such as Windows XP, Windows Server 2003 and later, and Linux distributions including Red Hat 6 and later. 
Integrated File-Level Intelligence

Leverage industry-leading VirusTotal intelligence to gain file reputation and history in support of allowlisting decisions. 

How Airlock Digital Helps You Meet PCI-DSS Requirements

The 12 Requirements of PCI-DSS are: 

  1.   Install and maintain network security controls 
  2.   Apply secure configurations to all system components 
  3.   Protect stored Account Data 
  4.   Protect Cardholder Data with strong cryptography during transmission over open, public networks 
  5.   Protect all systems and networks from malicious software 
  6.   Develop and maintain secure systems and software 
  7.   Restrict access to system components and cardholder data by business need to know 
  8.   Identify users and authenticate access to system components 
  9.   Restrict physical access to Cardholder Data 
  10.   Log and monitor all access to system components and Cardholder Data 
  11.   Test security of systems and networks regularly 
  12.   Support information security with organizational policies and programs 

Airlock Digital delivers technical security controls to support several specific provisions within the PCI-DSS framework. 

Requirement 5: Protect All Systems Against Malware

This requirement focuses on detecting and preventing malware from executing on an entity's systems. Traditionally, this would involve installation of anti-malware solutions which would detect, alert and attempt to remove malware from a system (with varying degrees of success). 

By preventing the malware from running in the first place, Airlock Digital meets the purpose of protecting systems and networks from malicious software.

  • Application Allowlisting: Airlock Digital proactively blocks malware and ransomware by enforcing strict execution policies. 
  • File-level Intelligence: Leverage real-time intelligence VirusTotal, to identify potentially malicious files in support of allowlisting development. 
Requirement 6: Develop & Maintain Secure Systems and Applications

This requirement is designed to address vulnerabilities in systems and applications which may enable adversaries to access payment data. Under PCI-DSS, applications must be developed in line with secure coding practices, and changes to systems must adhere to change control procedures. Airlock Digital may be able to assist in meeting this requirement in the following ways:

  • Requirement 6.2.3: Ensures security patches and updates are installed in a timely manner. Airlock Digital prevents unauthorized or malicious updates from executing, helping enforce patching policies securely.

  • Requirement 6.3.2: Restricts production environments to only necessary, approved software. Airlock Digital enforces this by blocking unapproved applications from running.

  • Requirement 6.3.3: Requires mechanisms to prevent unauthorized changes in production. Airlock Digital enforces digital trust policies that block untrusted file modifications. 

Requirement 10: Track and monitor all access to network resources and cardholder data

Airlock Digital enables organizations to log and monitor all file-executions on their endpoints, supporting several components of this requirement.

  • 10.2.1: Logs access to system components, including execution of administrative functions. Airlock Digital logs all application executions and changes to its policies.
  • 10.3.1 – 10.3.6: Requires logs to include user ID, date/time, event type, success/failure, and system identifiers. Airlock Digital logs provide this data.
  • 10.7.2: Requires logs to be retained for 12 months. Airlock Digital enables log retention on its own, and supports compliance when integrated into a proper log management workflow. 
Requirement 11.5: Network intrusions and unexpected file changes are detected and responded to.

Allowlisting can serve as a "compensating control" for Requirement 11.5.2, with its ability to monitor endpoint file-executions and prevent untrusted files from running.

  • Requirement 11.5.2:  A change-detection mechanism is deployed as follows:
    • To alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files
    • To perform critical file comparisons at least once weekly
Keep Exploring

Airlock Digital Product Datasheet

Read Now

Talk to an Expert

Book a Meeting