PCI DSS: Monitoring & Reporting

Organizations can meet PCI compliance by enforcing industry standards and security policies to lock down resources within the cardholder data environment (CDE). JumpCloud’s unique directory platform makes managing an organization’s IT resources simple and effective. 

In this article we’ll expand on how JumpCloud Directory Insights™ and System Insights™ give an organization’s security and IT teams the ability to pull in-depth reports on environmental-wide events. 

PCI Requirement Section 10

Prior articles in this series focused on securing resources within the CDE for PCI Section 8 (see the PCI DSS Quick Reference Guide). JumpCloud helps organizations achieve PCI DSS Section 8 by enforcing secure workflows, policies, and access controls on the principles of least privilege and zero trust. Section 10 requires organizations audit, monitor, and report on any events or transactions that take place within the CDE. 

Speaking from experience, PCI audits can be stressful. In prior jobs, I assisted with some of the materials and processes PCI auditors required to help achieve compliance. The objectives of PCI auditors are to ensure that the organization and the cardholder data is kept securely, actively monitored and reported, and access is strictly regulated.  Section 10 requires logging, reporting, and availability of logs to not only the auditors themselves, but to internal security and IT teams. Without a centralized environment or unified platform, generating logs and compliance reports can be a massive challenge. 

As organizations and technologies evolved in tandem, organizations are on average managing two dozen or more applications, heterogeneous operating systems, multiple WiFi or VPN networks, LDAP endpoints, and more. To add onto this labyrinth of utilities, due to COVID-19 in 2020, organizations globally migrated to either full work from home or hybrid cloud environments. Although it feels like the complexities and frictions only rose throughout 2020, JumpCloud has created a way to give admins the reporting and monitoring tools necessary to help achieve PCI DSS Section 10 with Directory Insights and System Insights. 

Not Just Logging

The JumpCloud directory platform, like a Swiss Army Knife, is a multi-tool platform where admins can manage, unify, and secure any IT resource in their organization in a simple, easy-to-use package. Reporting, monitoring, and event logging are no different. As there could be dozens of applications, systems, LDAP resources, or networks being used in the organization, Directory Insights generates a window into the environmental events that users and admins commit. Going back to our multi-tool analogy, JumpCloud Directory Insights takes any authentication or change within the environment and surfaces this data in an intuitive format. 

There are many third-party management tools for reporting and log consolidation that you may have used at prior companies or may be currently using. These solutions could be challenging to use, implement, or integrate with a complex CDE. The ability to report on each different protocol, resource, and identity could create unnecessary hurdles or complexities for admins. 

JumpCloud Directory Insights reports on all of the supported protocols, resources, users, and admins within the organization in a single dashboard. The feature abstracts the intricate complexities of reporting the different protocols into a uniform report with uniform attributes that any admin, auditor, or manager can read. JumpCloud ingests the raw logging data and enriches it with search, filters, and attributes. Directory Insights is not just logging: it’s a translator of protocols and event data. 

Cache is King

Organizations will have one central location where the logs are accessible and visible to any of their IT or security personnel. Need to export a monthly report of all transactions? Easy. Click Directory Insights’ Export button and select either the CSV or JSON format. Security teams can then take these exported reports and cache them in a secure datastore for later audit reports or reference. Directory Insights event data is cached for 90 days, but if you need long-term caching, JumpCloud provides several other methods to integrate or export events. 

Most PCI DSS auditors require a year’s worth of logging or event data within the CDE. Although Directory Insights provides 90 day caching, this is not enough to meet this compliance requirement. JumpCloud integrates with AWS S3 buckets for longer storage using an AWS serverless application infrastructure. Using this AWS serverless application, organizations can leverage their existing AWS infrastructure to house Directory Insights reports. For organizations who may not have an AWS environment but are leveraging a SIEM tool, Directory Insights can integrate with that too. 

Directory Insights data and tables are all accessible via the API. Admins can automate API requests for specific protocols, applications, users, systems, or networks. SIEMs can ingest the data from Directory Insights and cache it for long term storage and reporting. As a result, you can integrate the organization’s Directory Insights events and reports directly into your existing SIEM reporting infrastructure. 

A Byte Out of Devices

Admins can even take another step into reporting on their managed devices through JumpCloud System Insights. System Insights is an add-on utility that runs alongside the JumpCloud Agent. The feature lets you easily pull device level info such as drive information, installed applications and versions, battery information, hardware specifications, volume sizing, and much more across macOS^Ⓡ, Windows^Ⓡ, and Linux^Ⓡ devices. Additionally, admins can export this information similarly to Directory Insights by exporting to either JSON or CSV format. When organizations pair Directory and System Insights together, digesting event and asset information is even more streamlined from JumpCloud. 

PCI audits may want you to pull specific information around device level configurations and reports within the CDE. For example, you may want to report on installed applications to ensure that devices only have applications that have been approved or are company managed. If an admin finds an application that is not work-related, they could contact the employee to remediate or use JumpCloud Commands to push an uninstall. Additionally, if an admin needs to check browser extensions, they can easily pull information from either the Firefox or Chrome extensions table to see what is installed. 

Conclusion

Summarizing what we’ve covered in this three part series, JumpCloud is a great choice for organizations looking to unify, manage, and secure their IT resources in a distributed work environment to help meet PCI DSS compliance requirements. The JumpCloud directory platform is a one-stop-shop for IT and security administrators to manage, report, and secure any asset within the environment within a single dashboard. JumpCloud helps any organization accomplish both Section 8 and 10 of the PCI DSS Quick Reference Guide and enables both internal and external auditors to quickly analyze reports and CDE compliance. 

As JumpCloud evolves and the product is continually built in future roadmap endeavors, admins can rest assured that security is our top priority for any new release. Whether your organization must meet SOC, HIPAA, GDPR, or PCI compliance, JumpCloud can help achieve and enforce it holistically.

Try JumpCloud Free

Evaluate JumpCloud Free today to see why 100,000+ organizations trust JumpCloud to help secure and easily manage their resources. With JumpCloud Free, you can test with up to 10 users and 10 devices, as well as 10 days free of premium in-app chat support to help you explore the entirety of the platform.