PCI DSS Section 8 Compliance

Written by Zach DeMeyer on August 29, 2018


Ecommerce is one of the most widely used forms of shopping today. The ease of putting your credit card information into a website makes any sort of shopping a breeze. While easy, however, online credit transactions come with a significant amount of risk. If improperly handled, sensitive credit card information can fall into the wrong hands, meaning potential financial disaster for whoever’s information is compromised. Thankfully, the Payment Card Industry Data Security Standard (PCI DSS) was put in place to provide security for credit transactions. Let’s explore PCI DSS together, specifically PCI DSS Section 8 compliance.

What is PCI DSS Section 8 Compliance?


PCI DSS Section 8 dictates that, in order to be compliant, companies that deal with sensitive online credit card information must have authorized identities in charge of their cardholder information. In practice, employees who need to access this data must log in to a Cardholder Data Environment (CDE) network, which generally requires user credentials coupled with a multi-factor authentication (MFA) token for authorization. To support this, IT organizations need strong identity management.

While strong identity management certainly seems like a given, sometimes it can slip through the cracks. The weight of such a misstep falls on the shoulders of IT admins. Maintaining a directory of secure user identities is a path to PCI DSS Section 8 compliance. Admins also need to enforce strong credentials, add MFA to critical logins, and build the right processes to ensure that all user identities are up-to-date.

An ideal directory service would not only be able to implement these policies, but also be able to do so regardless of platform, protocol, provider, or location. JumpCloud® Directory-as-a-Service® (DaaS) can do just that. Directory-as-a-Service is a cloud directory service for the modern era. Based around an endpoint-centric mindset, DaaS creates hyper-secure user identities in an easy-to-use platform that is capable of being accessed anywhere via the cloud.

JumpCloud & PCI DSS Section 8 Compliance


In its whitepaper on PCI DSS Section 8, the compliance analyst firm Coalfire Systems investigated JumpCloud Directory-as-a-Service with regard to Section 8 compliance (it also looked at applicability to Section 10). Coalfire found that Directory-as-a-Service is fully capable of creating a secure, unified user identity and, when properly implemented, can support PCI DSS Section 8 compliance for an organization. It also found that user identities created in JumpCloud can be created and authorized on all three major OS platforms (Windows®, Mac®, and Linux®). Coalfire determined that, once created, JumpCloud users can only be modified or deleted by an authorized admin account. Both of these features are key for maintaining a compliant user base with regard to Section 8.

To learn more about how leveraging JumpCloud Directory-as-a-Service can assist in your journey towards PCI DSS Section 8 compliance, be sure to read the whitepaper from Coalfire or contact us. Our support experts are willing to help with any questions/concerns you may have. Does JumpCloud seem like the right PCI DSS Section 8 compliance solution for your organization? Try JumpCloud absolutely free. Your first ten users are on us.
