Chapter 8. PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) is the global
information security standard, for organizations that process, store, or transmit
data with any of the major credit card brands. IBM FlashSystem A9000R systems
comply with PCI DSS standards.
Table 30 describes how IBM FlashSystem A9000R comply with these standards.
Table 30. PCI-DSS Support
Requirement
PCI-DSS
Section
FlashSystem A9000R solution
Encrypt all non-console
administrative access
2.3
All management connections are
secured via IPSec.
Implement a data retention and
disposal policy that
includes...Processes for secure
deletion of data when no longer
needed
3.1.1
FlashSystem A9000R provides
data-at-rest encryption by use of SED
capabilities of the flash enclosure IBM
MicroLatency modules and by
encrypting the SSD vault devices.
Disk encryption and key
management requirements
3.4.1, 3.5, 3.6 Key management using IBM's SKLM
key server services, using KMIP key
exchange protocol. Disks are
encrypted using AES256 in XTS
mode.
Change user passwords at least every
90 days
8.5.9
Enforcement of password expiration
may be provided using LDAP
servers, as configured by the system
administrator.
Note:
Password expiration rules do
not apply to the storage admin user.
Minimum password length ...
passwords containing both numeric
and alphabetic characters ... Limit
repeated access attempts ... Set the
lockout duration to a minimum of 30
minutes
8.5.10 - .14
Enforcement of password rules may
be provided using LDAP servers, as
configured by the system
administrator.
Note:
Password enforcement rules do
not apply to the storage admin user.
If a session has been idle for more
than 15 minutes, require the user to
re-authenticate
8.5.15
Supported by IBM Hyper-Scale
Manager UI and XCLI utility.
Audit trails
10.5.1- .7
The audit trails are supported
through the syslog (Service Center)
server.
© Copyright IBM Corp. 2016, 2017
89
Summary of Contents for 9835-415
Page 1: ...IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide GC27 8565 03 IBM ...
Page 5: ...Index 99 Contents v ...
Page 6: ...vi IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 8: ...viii IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 10: ...x IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 22: ...xxii IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 26: ...4 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 30: ...8 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 84: ...62 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 100: ...78 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 110: ...88 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 112: ...90 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 120: ...98 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 124: ...102 IBM FlashSystem A9000R Models 9835 415 and 9837 415 Deployment Guide ...
Page 125: ......
Page 126: ...IBM Printed in USA GC27 8565 03 ...