| Control Objective | Requirement | Fortinet Solution |
| --- | --- | --- |
| Build and Maintain a Secure Network | 1) Install and maintain a firewall configuration to protect cardholder data | FortiGate firewall functionality. See “Security policies for the CDE network”. |
| | 2) Do not use vendor-supplied defaults for system passwords and other security parameters | FortiDB vulnerability assessment and auditing; FortiScan OS vulnerability management; FortiWeb web application password checking |
| Protect Cardholder Data | 3) Protect stored cardholder data | FortiDB vulnerability assessment and monitoring; FortiWeb web application firewall |
| | 4) Encrypt transmission of cardholder data across open, public networks | FortiGate IPsec VPN. See “Protecting communicated cardholder data”. |
| Maintain a Vulnerability Management Program | 5) Protect all systems against malware and regularly update anti-virus software or programs | FortiGate integrated AV; FortiClient integrated AV; FortiMobile integrated AV; FortiMail integrated AV; FortiGuard automated AV updates |
| | 6) Develop and maintain secure systems and applications | FortiDB vulnerability assessment, auditing and monitoring; FortiWeb web application security; FortiScan OS vulnerability management |
| Implement Strong Access Control Measures | 7) Restrict access to cardholder data by business need to know | FortiDB vulnerability assessment, auditing and monitoring. |
| | 8) Identify and authenticate access to system components | FortiGate integrated database or hooks to Active Directory. See “Controlling access to the CDE network”. |
| | 9) Restrict physical access to cardholder data | Fortinet professional services in partnership with partner solutions |
| Regularly Monitor and Test Networks | 10) Track and monitor all access to network resources and cardholder data | FortiDB auditing and monitoring; FortiAnalyzer event reporting |
| | 11) Regularly test security systems and processes | FortiDB vulnerability assessment; FortiScan OS vulnerability management. See “Monitoring the network for vulnerabilities”. |
| Maintain an Information Security Policy | 12) Maintain a policy that addresses information security for all personnel | FortiManager security policy management appliance |