IBM Systems Lab Services

PCI DSS security compliance on IBM AIX

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and to protect cardholders against misuse of their personal information.

While most companies have to meet numerous regulatory requirements, they often fail to maintain their PCI DSS compliance status. The problem has to do with the tendency to clear annual audit requirements rather than treating these security issues as part of a continuous risk management effort and ensuring compliance between annual audits.

In today’s digital world, security is a big concern, and a data breach can make or break a company’s reputation in the market. The implications of non-compliance can be huge in terms of financial penalty, losing the trust of customers, bad publicity for the company and so on. Imagine having software that could track compliance at the operating system level.

Several large enterprises run their business-critical applications on IBM Power Systems. They do so because of its unparalleled reliability, availability and security features. In my experience, I’ve noticed that most organizations don’t leverage the built-in security features of AIX, and many are unaware of the capabilities of IBM PowerSC software. PowerSC has many security features that could help address the challenges cited above. Companies leveraging this software and AIX built-in features have an edge over others and find it easy to comply with ever-changing audit requirements.

Let’s look at the key features of PowerSC software that would make it easier for enterprises to apply security hardening, receive alerts on compliance violations and keep track of security vulnerabilities. IBM PowerSC:

  • Provides built-in security profiles based on various industry standards like PCI DSS 3, HIPAA, SOX-COBIT and more. These profiles can be deployed as-is or customized to suit individual business requirements, and they are updated periodically to reflect any changes in the regulatory requirements, so the enterprise does not have to update them manually
  • Sends real-time alerts on compliance violations
  • Tracks modifications of sensitive files
  • Automatically downloads security vulnerabilities and notifies administrators about unpatched systems
  • Provides centralized and tamper-proof log management
  • Provides UNDO options to revert to the previous configuration
  • Provides a user-friendly graphical user interface to easily manage security features on multiple endpoints
  • Provides dashboard-style reporting to view security status and compliance of an entire data center

While an IBM PowerSC license can be procured separately, you can start leveraging PowerSC if your workloads are deployed on the enterprise version of IBM AIX.

IBM Systems Lab Services has helped several banks and payment institutions take advantage of this capability and be better prepared to avoid security breaches and face compliance audits. We can assist in building security profiles based on your business needs, implementing them and performing periodic assessments to bridge the gaps (if any). If you’re interested in strengthening your security features and want to know more, email IBM Systems Lab Services and we would be glad to assist you.
