Using ThreatLockDown for PCI DSS compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle credit cards. The standard was created to increase controls around cardholder data to reduce credit card fraud.

ThreatLockDown helps ensure PCI DSS compliance by performing log collection, file integrity checking, configuration assessment, intrusion detection, real-time alerting, and active response. The ThreatLockDown dashboard displays information in real-time, allowing filtering by different types of alert fields, including compliance controls. We have also developed a couple of PCI DSS dashboards for convenient viewing of relevant alerts. The syntax used for tagging PCI DSS relevant rules is pci_dss_ followed by the number of the requirement (e.g., pci_dss_10.2.4 and pci_dss_10.2.5).

This guide explains how ThreatLockDown capabilities and modules assist with meeting PCI DSS version 4.0 requirements:

• ThreatLockDown for PCI DSS V4.0 Guide (PDF)

In the following sections, we show some use cases on how to use ThreatLockDown capabilities and modules to meet PCI DSS version 4.0 requirements: