Web-based attacks continue to increase, and financial data is consistently some of the most highly targeted data in cyberattacks. PCI has defined the PCI-DSS (Data Security Standard) to help protect consumers, promote trust, ensure legal and regulatory compliance, and provide industry-wide standards for securing payment card data.
A major component of the PCI-DSS is the Cardholder Data Environment, which is the part of the organization’s network that stores, processes, or transmits cardholder data. This includes any system or network component that processes, stores, or transmits cardholder data. This can include servers, applications, databases, networks, and workstations. The CDE also includes any component that is directly connected to the cardholder data environment, such as firewalls, switches, and routers.
If an organization manages cardholder data, it should be processes within the secured CDE, which is segregated from the rest of the organizational network. This additionally protects cardholder data from threats to the rest of the organization.
Evolve Security’s CDE validation testing helps you proactively identify, prioritize, remediate, manage, and report on the integrity of the CDE – helping you to ensure that the CDE is separated from the rest of your network, and that the segregating controls are operating as intended. We provide actionable results, findings, and recommendations, all of which help you verify you have appropriate control over your CDE, and are meeting your security and compliance needs.