PCI-DSS Compliance for an HP-UX Host

Requirement 7: Restrict access to cardholder data by business need to know
Sub Req# | Requirement | Products
7.1 | Limit access to system components and cardholder data | HP-UX RBAC
7.2 | Establish an access control system for systems components with multiple users | HP-UX RBAC
7.1 Limit access to system components and cardholder data to only those
individuals whose job requires such access
7.2 Establish an access control system for systems components with
multiple users that restricts access based on a user’s need to know, and is
set to deny all unless specifically allowed
This requirement mainly deals with limiting access to cardholder data. It mandates that access to critical data be
granted based on business need to know. To ensure that critical data can only be accessed by authorized personnel,
systems and processes must be in place to limit access according to job responsibilities.
Enterprise environments contain systems monitored by multiple users. System administration is generally performed
through a common, shared account, root. Although a shared root account simplifies administration, it is not the best
approach because it can lead to many security issues.
HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional "all-or-nothing" root user model that
grants permissions to the root user for all operations, and denies permissions to non-root users for certain
operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate
authorizations and assigning them to non-root users and groups.
RBAC also provides a customizable Access Control Policy Switch (ACPS) that determines whether a subject is
authorized to perform an operation on an object.
For more information about HP-UX RBAC, see Appendix A.
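The deny-all-unless-allowed decision described above, as an added Python example (not code from this paper and not HP-UX's implementation): a simplified model in which users map to roles and roles hold (operation, object) authorizations. All user, role, operation and object names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data; these names are illustrative assumptions and are
# not taken from an HP-UX system or from the paper.
ROLE_AUTHS = {
    "UserAdmin": {("example.user.add", "*"), ("example.user.modify", "*")},
    "CardDataOperator": {("example.file.read", "/data/cardholder/*")},
}
USER_ROLES = {
    "alice": {"UserAdmin"},
    "bob": {"CardDataOperator"},
}


def is_authorized(user, operation, obj):
    """Return True only if one of the user's roles holds a matching
    (operation, object) authorization; anything else is denied."""
    for role in USER_ROLES.get(user, ()):  # unknown user has no roles
        for auth_op, auth_obj in ROLE_AUTHS.get(role, ()):
            if fnmatchcase(operation, auth_op) and fnmatchcase(obj, auth_obj):
                return True
    return False  # deny by default (sub-requirement 7.2)


def who_can(operation, obj):
    """Access review for sub-requirement 7.1: list every user able to
    perform the operation on the object."""
    return sorted(u for u in USER_ROLES if is_authorized(u, operation, obj))


def over_broad_roles():
    """Flag roles holding a wildcard operation, which would recreate the
    all-or-nothing root model under a different name."""
    return sorted(
        role for role, auths in ROLE_AUTHS.items()
        if any(op == "*" for op, _ in auths)
    )
```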
Requirement 8: Assign a unique ID to each person with computer access
Sub Req# | Requirement | Products
8.1 | Assign all users a unique ID | HP-UX Directory Server
8.2 | Employ methods to authenticate all users | HP-UX Directory Server
8.3 | Incorporate two-factor authentication for remote access | HP-UX AAA Server
8.4 | Render all passwords unreadable during transmission and storage | OpenSSL, HP-UX IPSec, HP-UX EVFS
8.5 | Ensure proper user identification and authentication management | HP-UX Directory Server, HP-UX RBAC
8.1 Assign all users a unique ID before allowing them to access system
components or cardholder data