  
PCI DSS objectives and requirements
PCI DSS consists of 6 control objectives and 12 requirements.
 
Table 39: PCI DSS Control Objectives and Requirements (each requirement is followed by the Fortinet solution that addresses it)

Control objective: Build and Maintain a Secure Network
  1) Install and maintain a firewall configuration to protect cardholder data
     Fortinet solution: FortiGate firewall functionality. See “Security policies for the CDE network”.
  2) Do not use vendor-supplied defaults for system passwords and other security parameters
     Fortinet solution: FortiDB vulnerability assessment and auditing; FortiScan OS vulnerability management; FortiWeb web application password checking

Control objective: Protect Cardholder Data
  3) Protect stored cardholder data
     Fortinet solution: FortiDB vulnerability assessment and monitoring; FortiWeb web application firewall
  4) Encrypt transmission of cardholder data across open, public networks

Control objective: Maintain a Vulnerability Management Program
  5) Protect all systems against malware and regularly update anti-virus software or programs
     Fortinet solution: FortiGate integrated AV; FortiClient integrated AV; FortiMobile integrated AV; FortiMail integrated AV; FortiGuard automated AV updates
  6) Develop and maintain secure systems and applications
     Fortinet solution: FortiDB vulnerability assessment, auditing and monitoring; FortiWeb web application security; FortiScan OS vulnerability management

Control objective: Implement Strong Access Control Measures
  7) Restrict access to cardholder data by business need to know
     Fortinet solution: FortiDB vulnerability assessment, auditing and monitoring
  8) Identify and authenticate access to system components
     Fortinet solution: FortiGate integrated user database or hooks to Active Directory. See “Controlling access to the CDE network”.
  9) Restrict physical access to cardholder data
     Fortinet solution: Fortinet professional services in partnership with partner solutions

Control objective: Regularly Monitor and Test Networks
  10) Track and monitor all access to network resources and cardholder data
      Fortinet solution: FortiDB auditing and monitoring; FortiAnalyzer event reporting
  11) Regularly test security systems and processes
      Fortinet solution: FortiDB vulnerability assessment; FortiScan OS vulnerability management. See “Monitoring the network for vulnerabilities”.

Control objective: Maintain an Information Security Policy
  12) Maintain a policy that addresses information security for all personnel
      Fortinet solution: FortiManager security policy management appliance
This chapter describes how the FortiGate unit’s features can help your organization comply with PCI DSS. Requirements that the FortiGate cannot enforce must be met through organizational policies, with a defined means of auditing compliance with those policies.
Be sure to read the section “Wireless guidelines”, below. Even if your organization does not use wireless networking, PCI DSS requires you to verify periodically (at least quarterly, under requirement 11.1) that wireless networking has not been introduced into the CDE.