Restorepoint provides direct benefits for a range of compliance requirements and allows organizations to build policies and monitor for compliance violations.

The Payment Card Industry Data Security Standard (PCI DSS) has twelve requirements for compliance, organized into six related groups known as control objectives:

  • Build and maintain a secure network and systems
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access-control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Adhere to specific regulations

Customers who deploy Restorepoint across their cardholder data environment can easily adhere to a set of specific requirements.

Secure and synchronize router configuration files. (PCI DSS 1.2.2)

Restorepoint secures configurations using AES encryption to protect the sensitive data that network configurations contain, such as passwords and IP address. Restorepoint can also check whether a device no longer meets an approved baseline or build.

Maintain an inventory of system components that are in scope for PCI DSS (PCI DSS 2.4)

‍Restorepoint’s Customizable Asset Inventory functionality allows you to keep track of a wide range of built-in or custom fields including firmware revisions, network configuration, licenses, documentation and more.

Retain audit trail history for at least one year (PCI DSS 10.7)

Restorepoint enables customers to retain a complete history of their network configurations using customizable schedules for auditing and 1-click recovery. All versions can be compared in detail to highlight changes, baseline differences and create new audit policies.

Deploy a change-detection mechanism to alert personnel to unauthorized modification (PCI DSS 11.5)

Restorepoint can send alerts when it detects configuration changes at the point of backup according to your schedule, allowing you to detect whether devices have been altered to monitor for changes and verify if they no longer meet approved baselines.

Assure Compliance

With Restorepoint you can provide assurance to auditors and internal stakeholders that your systems adhere to regulatory or internal standards.

Restorepoint detects policy violations faster, on the device directly. It allows users to quickly build network configuration policies with free text, regular expressions, or LUA scripts and evaluate multiple conditions programmatically.

By managing known-good configurations against organizational or regulatory baselines Restorepoint allows you to verify a range of compliance standards including these examples for PCI DSS:

 

PCI Requirement Restorepoint Benefit 
PCI DSS 1.1 Establish and implement firewall and router configuration standards. Configure and verify your standards using Restorepoint’s Device Baselining and Compliance Policy Management. 
PCI DSS 1.2 Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. Quickly assess if devices are configured to allow untrusted connections or protocols using Restorepoint’s Compliance Policy Automation. 
PCI DSS 1.2.3 Install perimeter firewalls between all wireless networks and the cardholder data environment Using Restorepoint Compliance Policy Management, you can quickly assess if devices are configured to allow untrusted connections or protocols. 
PCI DSS 1.3 Prohibit direct public access between the Internet and any system component Quickly assess if devices are configured to allow untrusted connections or protocols using Restorepoint’s Compliance Policy Automation. 
PCI DSS 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts Restorepoint automatically detects the use of default vendor/manufacturer passwords. Passwords can be regularly updated in bulk using our Device Control feature. 
PCI DSS 2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. Restorepoint can store any vendor documentation and PCI policies in the Customizable Asset Inventory so that it is easily available to the users who need it. 
PCI DSS 8.2.3 PCI DSS Password Requirements – Passwords/passphrases must meet the following: 

– Require a minimum length of at least seven characters. 

– Contain both numeric and alphabetic characters. 

 

Restorepoint’s password policies can be applied to devices to ensure that they conform to company policy and that PCI DSS password requirements. 
PCI DSS 8.2.4 PCI DSS Password Requirements – Change user passwords/passphrases at least once every 90 days. 

 

Passwords can be regularly updated in bulk using our Device Control feature, simplifying compliance of PCI DSS password requirements and saving administrators valuable time. 
PCI DSS 10.8 Additional requirement for service providers only: Implement a process for the timely detection and reporting of failures of critical security control systems. 

 

Restorepoint supports multi-tenancy through Role Based Access control for multiple customers or organization units. 

 

Our Customers

Southwest logo
NetDesign Logo

What Our Customers and Analysts are Saying

Too much IT data? Get context.