Addressing PCI Compliance Through Privileged Access Management
Description: Executive Summary
Challenge
Organizations handling transactions involving credit or debit cards are facing increasing pressure to meet
regulatory compliance mandates. In particular, they must comply with the Payment Card Industry Data
Security Standard (PCI DSS) version 3, which went into effect in January of 2015.1 PCI DSS v3 established
various requirements for safeguarding an organization’s relevant systems and networks, comprising the
Cardholder Data Environment (CDE). With requirements for strong authentication and access control to the
CDE, organizations are challenged with the difficult tasks of implementing multi-factor authentication,
access control and activity reporting tools or practices, particularly for privileged or administrative access
to these systems.