Are there any options for PCI DSS compliance? How do I not only ensure the data is securely encrypted and only accessed by individuals who need to access it, but provide an auditable record of all actions (including reads!) on the encrypted data?
The PCI-DSS 1.2.1 standard publishes a document (attached here) that outlines the 12 different requirements the standard calls for.It goes into all the details per section so customers can make their own assessment before any audits are necessary.
Requirement 1 - Install and mantain a firewall configuration to protect cardholder data.
Requirement 2 - Do not use vendor-supplied defaults for the system passwords and other security parameters.
Requirement 3 - Protect stored cardholder data.
Requirement 4 - Encrypt transmission of cardholder data across open, public networks.
Requirement 5 - Use and regularly update anti-virus software programs.
Requirement 6 - Develop and mantain secure systems and applications.
Requirement 7 - Restrict access to cardholder data by business need to know.
Requirement 8 - Assign a unique ID to each person with computer access.
Requirement 9 - Restrict physical access to cardholder data.
Requirement 10 - Track and monitor all access to network resources and cardholder data.
Requirement 11 - Regularly test security systems and processes.
Requirement 12 - Maintain a policy that addresses information security for employees and contractors.
My question is related to what is listed as requirement 10. I'll confess to be posting as a result of the "win a kindle" contest, but I'm interested to understand if there is are any solutions from brocade or netapp that provides for reporting on access to encrypted filesets. A specific example - if I have a windows fileshare hosted on a netapp aggregate/volume, can I leverage these encryption options to both a) encrypt and b) monitor access to the files on the encrypted fileshare? By "monitor access" I mean monitor reads and writes.
If you are talking about Windows LUNs you need to turn on windows security logging on the server as the NetApp SAN will only see "Windows Server connect to LUN" and this proves nothing. If you have Windows shares on your filer you need to turn on CIFS auditing on your filer.