InOrder Supports PCI DSS Compliance Efforts for Protecting Stored Cardholder Data

PCI DSS contains requirements for the protection of stored cardholder data using cryptographic keys. These keys must be changed at least once a year. This is a straightforward procedure for you and your key custodians using the InOrder Key Management Wizard.

The network administration / security personnel, along with the designated Key Custodians, run the InOrder Key Encryption Wizard to change the key. If a key is old or suspected to be compromised, it is replaced. This procedure is audited by the system so your PCI QSA can confirm it has been done.

The InOrder Key Management Wizard supports PCI DSS compliance efforts by assisting with the following tasks for handling cryptographic key material:

  • Generation of strong cryptographic keys
  • Secure cryptographic key storage by generating key encrypting keys
  • Split knowledge and dual control of cryptographic keys
  • Periodic cryptographic key changes
  • Rendering cryptographic material irretrievable by retirement or replacement of old or suspected compromised cryptographic keys
  • Re-encrypting historic data with new keys
  • Requirement for cryptographic key custodians to acknowledge that they understand and accept their key custodian responsibilities
  • Backup and restore of keys
  • Audit of all key maintenance operations
  • Required use of complex passwords
  • Restricting key access to the fewest number of custodians necessary
  • Storing keys securely in the fewest possible locations and forms

Please refer directly to PCI DSS for your responsibilities under these requirements. If you have specific questions relating to your responsibilities for PCI DSS compliance, please direct them to your Qualified Security Assessor (QSA).

 

Share on FacebookShare on LinkedInTweet about this on TwitterShare on Google+Email this to someone

No Comments

Leave a response

1 (888) 667-7332

Contact Us

Literature Downloads


Contact

Corporate Headquarters
Morse Data Corporation
16 Pierce Street
Dover, NH 03820
Toll Free: (888) 667-7332
Phone: (603) 742-2500
Fax: (603) 742-8178
Technical Offices
Morse Data Corporation
9661 W. 143rd St. Suite 200
Orland Park, IL 60462
Toll Free: (800) 860-9515
Phone: (708) 873-0010
Fax: (708) 873-9967

About