PCI Encryption

EncryptRIGHT software gives you a better way to achieve PCI compliance for encryption and key management. In addition to meeting all your PCI encryption requirements, EncryptRIGHT’s flexibility lets you choose how best to encrypt data without disrupting your operations.

EncryptRIGHT comes bundled with key management, secure audit logs and predefined PCI reporting capabilities. Comprehensive central key management ensures that you comply with PCI key management requirements for key generation, distribution, storage, rotation and replacement. It provides everything you need to achieve PCI compliance for encryption and key management.

EncryptRIGHT comes with standard reports designed to satisfy your Qualified Security Assessor (QSA), and help you pass your PCI audit. EncryptRIGHT includes:

  • PCI approved cryptography and key management for one price
  • Reports and audit trails for assessment and verification processes
  • Broad platform support from PC to mainframe
  • A simple desktop application, or API for application integration
  • Field, file, database and application-level encryption
  • Support for many different development environments
  • Wizards to help you get running quickly

EncryptRIGHT provides comprehensive audit log reporting that helps make your PCI audit go more smoothly. The challenge is to adopt effective measures to “track and monitor all access to network resources and cardholder data.”

EncryptRIGHT generates the documentation and audit materials you need to pass your PCI audit. With EncryptRIGHT, virtually every relevant system event can be monitored, creating a critical, detailed audit trail. You can build an array of detailed audit reports that track everything from access to card records and the actions and changes made by specific users to password and user ID activity, encryption and decryption of specific fields, access to account numbers, and changes to key values and key rotations.

Six of the 12 PCI security requirements address encryption and key management, and EncryptRIGHT helps you comply with all six (in bold below):

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

From an encryption standpoint, PCI does not provide much guidance. The basic requirement is to use "strong cryptography," but there are lots of algorithms, dozens of tools, and many ways to deploy each of them. Strong cryptography is often misapplied because the security model is inappropriate for the business use case. The wrong choice leaves data accessible in clear text, resulting in wasted investment and persistent vulnerabilities.

So which encryption method is the best way to achieve PCI compliance? Which options provide security yet keep costs and complexity under control? Data Encryption 101: Pragmatic Guide to PCI-DSS Requirements is an unbiased, educational white paper intended to help you determine the right encryption strategy for your situation.

The white paper makes a strong case for implementing application-level encryption when the business case justifies it. That’s one of many ways EncryptRIGHT can help you achieve PCI compliance for encryption and key management. This document presents a requirement-by-requirement evaluation of how EncryptRIGHT meets PCI encryption and key management requirements.

Find out how we can help you get PCI compliant with EncryptRIGHT, saving time and cutting your costs. Request more information or sign up for a 30-day free trial.

White Paper
 

Download a copy of the white paper
Guide to PCI-DSS Requirements
by top industry analyst Securosis.

PrimeFactors