InOrder Supports PCI DSS Compliance Efforts for Protecting Stored Cardholder Data
PCI DSS requires that stored cardholder data be protected with strong cryptography and that the cryptographic keys involved be managed over their whole life cycle: keys must be changed when they reach the end of their defined cryptoperiod (earlier versions of the standard spelled this out as at least annually) and replaced whenever their integrity is known or suspected to be weakened. With the InOrder Key Management Wizard this is a straightforward procedure for you and your key custodians.
Your network administration or security personnel, together with the designated Key Custodians, run the InOrder Key Management Wizard to change the key. A key that has reached the end of its cryptoperiod, or that is suspected of being compromised, is replaced. The system audits each run of the procedure, so your PCI QSA can confirm that it has been done and when.
The InOrder Key Management Wizard supports PCI DSS compliance efforts by assisting with the following tasks for handling cryptographic key material:
- Generation of strong cryptographic keys
- Secure cryptographic key storage: data-encrypting keys are stored only in encrypted form, under key-encrypting keys that the wizard generates
- Split knowledge and dual control of cryptographic keys, so that no single custodian holds, or can reconstruct, a complete key
- Periodic cryptographic key changes
- Rendering old or suspected-compromised cryptographic material irretrievable by retiring or replacing it
- Re-encrypting historic data with new keys
- A requirement that cryptographic key custodians formally acknowledge that they understand and accept their key custodian responsibilities
- Backup and restore of keys
- Audit of all key maintenance operations
- Required use of complex passwords
- Restricting key access to the fewest custodians necessary
- Storing keys securely in the fewest possible locations and forms
Please refer directly to PCI DSS for your responsibilities under these requirements. If you have specific questions relating to your responsibilities for PCI DSS compliance, please direct them to your Qualified Security Assessor (QSA).