PCI DSS security compliance on IBM AIX

By | 2 minute read | January 24, 2018

Security Compliance, Secure Blockchain, LunixONE Ecosystem

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and to protect cardholders against misuse of their personal information.

While most companies have to meet numerous regulatory requirements, they often fail to maintain their PCI DSS compliance status. The problem has to do with the tendency to clear annual audit requirements rather than treating these security issues as part of a continuous risk management effort and ensuring compliance between annual audits.

In today’s digital world, security is a big concern, and a data breach can make or break a company’s reputation in the market. The implications of non-compliance can be huge in terms of financial penalty, losing the trust of customers, bad publicity for the company and so on. Imagine having software that could track compliance at the operating system level.

Several large enterprises run their business-critical applications on IBM Power Systems. They do so because of its unparalleled reliability, availability and security features. In my experience, I’ve noticed that most organizations don’t leverage the built-in security features of AIX, and many are unaware of the capabilities of IBM PowerSC software. PowerSC has many security features that could help address the challenges cited above. Companies leveraging this software and AIX built-in features have an edge over others and find it easy to comply with ever-changing audit requirements.

Let’s look at the key features of PowerSC software that would make it easier for enterprises to apply security hardening, receive alerts on compliance violations and keep track of security vulnerabilities. IBM PowerSC:

  • Provides built-in security profiles based on various industry standards like PCI DSS 3, HIPAA, SOX-COBIT and more—these profiles can be deployed as-is or customized to suit the individual business requirements, and changes (if any) to the regulatory needs are updated on a periodic basis so the enterprise need not bother with updating them manually
  • Sends real-time alerts on compliance violations
  • Tracks modifications of sensitive files
  • Automatically downloads security vulnerabilities and notifies administrators about unpatched systems
  • Provides centralized and tamper-proof log management
  • Provides UNDO options to revert back to previous configuration
  • Provides user-friendly graphical user interface to easily manage security features on multiple endpoints
  • Provides dashboard-style reporting to view security status and compliance of an entire data center

While an IBM PowerSC license can be procured separately, you can start leveraging PowerSC if your workloads are deployed on the enterprise version of IBM AIX.

IBM Systems Lab Services has helped several banks and payment institutions take advantage of this capability and be better prepared to avoid security breaches and face compliance audits. We can assist in building security profiles based on your business needs, implement them and perform periodic assessments to bridge the gaps (if any). If you’re interested in strengthening your security features and want to know more about it, email IBM System Lab Services and we would be glad to assist you.