PCI DSS 3.2 Requirement 3: Protect Stored Cardholder Data

Applies to Product: USM Appliance™ AlienVault OSSIM®

Testing Procedure

How USM Appliance Delivers

USM Appliance Instructions

USM Appliance Documentation

3.4.b Examine several tables or files from a sample of data repositories to verify the PAN (Primary Account Number) is rendered unreadable (that is, not stored in plain-text).

AlienVault NIDS is capable of detecting PAN in NIDS traffic in plaintext, and alerts on it.

Existing correlation directives will generate alarms on credit card information detected in clear text.

Event Correlation

To verify that credit card data is not being stored in plain text, create a Security Events View with the search on Event Name containing "Credit Card". And then export the view as report module and run the report.

Create Custom Reports from SIEM Events or Raw Logs

3.4.d Examine a sample of audit logs, including payment application logs, to confirm that PAN is rendered unreadable or is not present in the logs.

AlienVault NIDS is capable of detecting PAN in NIDS traffic in plaintext, and alerts on it.
If a PAN is detected, it is recorded in plaintext in multiple places. It is not automatically removed or otherwise encoded. Manual removal of PAN from logs and DB is required.

Existing correlation directives will generate alarms on credit card information detected in clear text.

Event Correlation

To verify that credit card data is not being stored in plain text, create a Security Events View with the search on Event Name containing "Credit Card". And then export the view as report module and run the report.

Create Custom Reports from SIEM Events or Raw Logs