Achieve PCI-DSS compliance and simplify security audits
AppFirewall ensures Payment Card Industry Data Security Standards (PCI-DSS) compliance through its PCI-DSS support and reporting tool. The compliance reporting tool shows AppFirewall settings relevant to PCI-DSS, how they should be configured and if they are being met. If a setting is found to be non-compliant, AppFirewall provides steps to rectify the situation. At a glance it is easy to determine if credit card blocking has been enabled and whether confidential fields have been configured and activated. With NetScaler AppFirewall, passing an audit has never been simpler. AppFirewall meets the following mandates and more.

Section 1.2: Deny traffic from untrusted networks and hosts
AppFirewall, in conjunction with Citrix Access Gateway, Enterprise Edition, restricts access to applications and data by allowing only the use of approved protocols and methods, only connections from trusted networks and only access to users who are authenticated and authorized. AppFirewall has obtained ICSA Labs Web AppFirewall Certification for additional assurance.

Section 3.3: Mask account numbers when displayed
AppFirewall is easily configured to mask or block PANs and otherwise prevent the leakage of sensitive cardholder data, regardless of programmer oversight, logic flaws or targeted attacks. Complete server responses with PAN data can be blocked from being transmitted to the requesting client.

Section 3.5: Protect encryption keys against disclosure and misuse
FIPS is a consideration within PCI DSS compliance. Four NetScaler appliances including the integrated AppFirewall module are FIPS 140-2 Level 2 compliant. These appliances securely maintain the certificates and encryption keys used for SSL/TLS and are all available in the FIPS versions of MPX 9700, MPX 10500, MPX 12500 and MPX 15500.

Section 4.1: Use strong cryptography and security protocols
AppFirewall can be used to SSL-enable applications that were not designed to use secure communication protocols and support strong SSL cryptography with key lengths up to 4096-bit. AppFirewall inspects the contents of SSL/TLS encrypted sessions, ensures session validity and blocks attacks.

Section 6.6: Audit and correct application code vulnerabilities or institute an application firewall
AppFirewall provides continuous protection against attacks with instantaneous attack blockage, dynamically adjusts to code changes and supports multiple applications simultaneously.






