
An Oracle blog about Oracle Enterprise Manager and Oracle Management Cloud

  • January 22, 2021

Secure Linux Configuration for PCI-DSS Compliance with Enterprise Manager

Harish Niddagatta
Product Manager

With the ever-present danger of security breaches, protecting sensitive data is critical. Data breaches are becoming more frequent, and there has been a big increase in the number of records and the value of the information stolen. Businesses must ensure that sensitive data is protected by securing the configuration of systems, limiting privileges to a well-known set of users, and auditing all user activities.

Securing your payment card data through preventative measures has never been more important than it is today. PCI Data Security Standards v3.2 help protect the safety of sensitive data in your environment. 

Introducing PCI Data Security Standards (DSS) 

The Payment Card Industry Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards for safe and secure payments across the globe. The Council was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa Inc. 

PCI DSS defines twelve requirements to address six goals, as shown below.

These requirements are designed to prevent fraud through increased control of credit card data. Organizations of all sizes that store, process, or transmit payment and cardholder data must follow and ensure compliance with PCI DSS standards.

Oracle Enterprise Manager 13c Release 4 Update 9 (13.4.0.9) supports PCI DSS for securing and continuously monitoring the compliance of all flavors of Linux environments at scale. You can associate thousands of Linux targets with the PCI DSS compliance standard and get the security posture for all those targets at once.

With this, you can check for misconfigurations and deviations from the security rules defined in the PCI Data Security Standard. You can find answers to questions like:

  • Is the Linux host configured and compliant with security best practices?
  • Are the right security controls in place?
  • Is access to accounts restricted for unauthorized users?
  • What access privileges does each user have?

PCI DSS for Linux hosts is part of Oracle Enterprise Manager Database Lifecycle Management. It enables continuous monitoring of the security posture of Linux host configurations against the Security Standard, ensuring that the configurations of critical host infrastructure assets align with consensus-based security standards.

Below is a screenshot of Security Compliance Standards in Enterprise Manager Compliance Framework.

There are 125 unique security rules in PCI DSS that ensure comprehensive secure monitoring of Linux host configuration and are categorized into:

You can use the out-of-the-box standard or customize it to align with your IT security policy, and associate Linux assets to start continuous monitoring for configuration vulnerabilities and check for compliance.

You can also get insight into the compliance score distribution of all assets across your data center that comply with your IT security policy.

For more information, see SCAP Supported Standards in the Oracle Enterprise Manager Cloud Control Compliance Standards Reference.