Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. It is regarded as an industry-established policy and requires compliance by all merchants and service providers that store, process, or transmit credit card holder data.

If your business stores, processes, or transmits credit card holder data, you know that PCI compliance security standards have become more demanding. No matter how many credit cards your company processes or handles, it must comply with all Payment Card Industry Data Security Standards. Additionally, if you store protected health information, you are required to be HIPAA compliant, and if you are a public company, your financial systems are required to be SOX compliant.

ZZ Servers provides a suite of professional services specifically engineered for customers who require advanced management services for their mission-critical IT infrastructure. By working directly with our customers, we are able to coordinate and manage the complex requirements of their IT infrastructure.

Our relationship continues beyond deployment, and includes life-cycle management, fully managed security services, monitoring, incident response, configuration and change management, as well as compliance reporting. ZZ Servers’ professional services help companies get control of the growing cost of increasingly rigorous infrastructure and network requirements.

ZZ Servers’ collection of hosting and management services can be custom-tailored to meet your unique business requirements. Each of our services meets different requirements found in the PCI DSS. Among the services we offer are:

Service | Details | PCI Requirements

Hosting
  • Application, database and web hosting in multiple configurations
  • Domain Services
  • Shared and Private Load Balancers
  • Two-factor Authentication (Hardware Token or Certificate)
  • Automated Access Control Systems
  • Secure Remote Console access
  • Secure and stable data centers (SAS70, ISO, PCI)
  • Comprehensive contract, acceptable use and privacy policies
  PCI Requirements: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, A1

Managed Firewalls
  • Control network access and egress
  • ZZ Servers Security, Firewall and Management Policies and Procedures
  • Network Design: Business-based rule configurations, up-to-date diagrams
  • Application and card-data flow diagrams
  • Formal Change Management Process
  • Secured configuration archive
  PCI Requirements: 1, 4, 6, 7, 8, 10, 12

Server Management
  • ZZ Servers System configuration standards based on SANS, NIST, CIS & DOD
  • Manage servers: security patches, operating system upgrades, backups, application troubleshooting
  • User and Account Management
  PCI Requirements: 2, 3, 4, 5, 7, 8, 10, 12

System Monitoring
  • Monitor and retain historical data about all aspects of systems
  • 24x7 daily, weekly, monthly and yearly operational and security procedures
  PCI Requirements: 1, 2, 5, 10, 12

Change Management
  • Ensure standardized & compliant methods and procedures are used for efficient and prompt handling of all changes
  PCI Requirements: 6

Application Firewalls
  • Targeted intrusion prevention on key systems
  PCI Requirements: 6, 10, 12

Intrusion Detection and Prevention System
  • Intrusion Prevention/Intrusion Detection at the network perimeter or interior to the network
  PCI Requirements: 10, 11, 12

File Integrity Monitoring / Host Intrusion Detection
  • 24x7 real-time monitoring of critical server, application, configuration and log files for unauthorized modification
  PCI Requirements: 10, 11, 12

Log Monitoring and Retention
  • 24x7 real-time analysis of logs and alerts from security devices and critical IT assets by certified experts and comprehensive archiving of logs
  PCI Requirements: 10, 11, 12

Penetration Testing
  PCI Requirements: 11

Vulnerability Scanning
  • Data center Wireless Analyzer
  • Vulnerability Evaluation and inventorying of internal and external network assets
  • PCI ASV External Vulnerability Scanning
  • Penetration Testing - Network and Application
  PCI Requirements: 11

Compliance Management

Training
  • PCI and Security awareness training through on-site or webinar
  PCI Requirements: 12

From simple web presences to complex geographically redundant systems, ZZ Servers can have your infrastructure configured, compliant, secured, and online fast and affordably.

Customer Quotes

WickedZ, LLC, CO, USA

"Kerio MailServer has been the foundation for our tiered email solution for two years. Utilizing Linux for our email gateway with Kerio's integrated spam and virus protection has provided the level of protection required to maintain our business operations. In fact, we have been free of business impacting virus outbreaks since implementation. Thank You Kerio!"


Aaron Zieschang, Founder