Fortanix for PCI DSS 4.0 Cheat Sheet
| PCI DSS Requirement | Fortanix Solution | How Fortanix Helps |
|---|---|---|
| Requirement 3: Protect Stored Account Data | Data Security Manager (DSM) | From file system to database encryption to data masking and tokenization, Fortanix DSM enables you to secure payment and cardholder data at every layer across all your environments, all from a single, policy-based control plane. |
| Requirement 3.5: Protect Cryptographic Keys | Data Security Manager (DSM) | Built on Confidential Computing, Fortanix DSM delivers a secure, holistic solution to protect and manage encryption keys, even while in use. With Fortanix you can centralize key management for hybrid multicloud, store keys in natively integrated FIPS 140-2 Level 3 hardware security modules (HSMs), available on-prem or as SaaS, and enforce role-based access controls and quorum approvals to prevent malicious tampering with keys. |
| Requirement 4.1: Protect Cardholder Data During Transmission | Data Security Manager (DSM) | DSM provides TLS/SSL encryption to support secure communication channels for transmitting cardholder data over public networks. |
| Requirement 4.2.1: Cryptographic Assets Inventory | Key Insight | Fortanix Key Insight automatically scans your on-prem and multicloud environments to discover and catalog existing encryption keys and data services. Drill down to see who can access the keys and assess cryptography risks. |
| Requirement 6: Develop and Maintain Secure Systems and Applications | Data Security Manager (DSM) | Fortanix supports Secure Development Lifecycle (SDL) integrations. DSM provides tools and APIs that can be integrated into development workflows to enforce secure coding practices such as secrets management and code signing. |
| | Confidential Computing Manager (CCM) | Elevate the security of your apps that handle payment and cardholder data with Fortanix CCM. You can run applications in a trusted execution environment to protect data even while in use, in essence eliminating data exposure and vulnerabilities. Automatically verify the integrity of those environments and uphold performance as you scale. |
| Requirement 7: Restrict Access to Cardholder Data by Business Need to Know | Data Security Manager (DSM) | DSM offers File System Encryption that allows you to continuously protect against unauthorized access in physical, virtual, and cloud environments. Set fine-grained policies to ensure only authorized users and processes can access sensitive data in plain text. Agents with no kernel dependencies allow for seamless setup, management, and scalability across physical or virtual servers, compatible with Windows, Linux, and Unix platforms, to protect data without disrupting workflow. |
| Requirement 10: Track and Monitor All Access to Network Resources and Cardholder Data | Audit and Logging | Fortanix provides REST APIs so you can integrate your security ecosystems and plug into SIEM, making it easy to detect File System Encryption policy violations and threats, while detailed and immutable logs help you keep track and easily prove compliance. |
| Requirement 11: Regularly Test and Monitor All Systems and Applications | Data Security Manager (DSM), Key Insight | Fortanix continuous monitoring and immutable audit logs provide detailed audit trails of all data access and security events. Fortanix also provides key monitoring, so you can track key usage and detect any suspicious activity. |