White Paper: Securing Privileged Accounts: Meeting the Payment Card Industry (PCI) Data Security Standard (DSS) 3.2 with CyberArk Solutions


Any organization involved in payment card processing is well aware of its obligations to protect cardholder data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). All entities that store, process or transmit cardholder data and/or sensitive authentication data, including merchants, processors, acquirers, issuers, and service providers, are covered by PCI DSS. The standard provides a baseline of technical and operational requirements designed to protect cardholder data. The requirements apply to all system components included in or connected to the cardholder data environment.

Published in November 2013, PCI DSS version 3.0 was geared towards moving organizations from mere compliance to more comprehensive security approaches. Since version 3.0 was published, two updates have been released that offer additional guidance and either clarify existing requirements or issue new ones. The latest version of PCI DSS, version 3.2, was published in April 2016 and introduces the requirement of multi-factor authentication (MFA) for administrators accessing the cardholder data environment (CDE). All entities must align with the new requirements in PCI DSS 3.2 by January 31, 2018.