Print ArticlearchiveblogClose Window
ClearPath Connection
MCP

Locum 360: An All-Around PCI DSS Compliance Toolset for ClearPath MCP Systems


Our world is defined by its ever-increasing need for, and reliance on, software. From telling us the location of our next meeting, to helping us find the best tacos, to notifying us when our cars need service, software coordinates, manages, and governs most every aspect of our lives.

But this also means we’re far more vulnerable than we once were. After all, when you’re living in a software-defined world, there’s always an element of risk to contend with – and there’s no such thing as being too careful.

To combat these threats, various compliance standards and governance bodies have been established, including the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC implements standards for security policies, technologies, and ongoing processes designed to protect payment systems from data breaches and theft.

These guidelines are captured in the PCI Data Security Standards (DSS) version 3.1. This set of compliance requirements has far-reaching implications for all organizations that store, process, or transmit cardholder data – even if they aren’t financial institutions. And, they’ll all be updated when the next version of the standard – PCI DSS v3.2 – is released in the first half of 2016.

To help you align your operations with a number of aspects related to compliance and IT governance, including those established in the PCI DSS 3.1, we’ve partnered with Locum Software Services Limited to offer Locum 360, a comprehensive and integrated security alerting, assessment, auditing, and administration solution for ClearPath® MCP systems.

Helping You Meet PCI DSS Standards

The PCI DSS guidelines center around 12 high-level data security requirements and six specific topics, each of which includes multiple procedural and technical rules that apply to any network component, server, or application included in, or connected to, the cardholder data environment.

With the help of Locum 360, you can meet a number of these technical requirements, including:

  • Restricting access to cardholder data based on specific business privileges
  • Removing and/or disabling inactive user accounts within 90 days
  • Managing the IDs vendors use to access, support, or maintain system components
  • Limiting repeated access attempts and setting minimum lockout durations
  • Scrutinizing and verifying user identities before they’re able to execute critical actions
  • Coupling proper user-authentication management with unique IDs
  • Tracking and monitoring access to network resources and cardholder data
  • Detecting unauthorized changes to critical system files

Locum 360 makes this possible by providing four unique modules, each of which is designed to focus on a specific aspect of security:

  • Locum RealTime Monitor: Whether used as a dashboard or a Microsoft® Windows® service, Locum RealTime Monitor gives you immediate alerts about security-related events and allows your administrators to collect and route data from multiple MCP systems to one or more security workstations, as well as external SIEMs.
  • Locum SafeSurvey: Locum SafeSurvey enables you to assess the security of your MCP environment and compare compliance and performance over time using a series of detailed reports that highlight areas of potential risk.
  • Locum SecureAudit: The detailed retrospective reports in Locum SecureAudit help your security administrators, compliance officers, and auditors see any activity or condition that might pose a security threat.
  • Locum Safe & Secure: With Locum Safe & Secure, you can centralize and simplify security administration using a wide range of tools, including extensive inquiry and search facilities, and synchronize these changes across multiple MCP systems.

Combined, the four modules that comprise Locum 360 can help you make great strides towards a more secure MCP operating environment. For instance, you can coordinate security across multiple MCP systems from a single point of control, making it easier for you to:

  • Manage privileges
  • Retrieve and correlate security information
  • Strengthen authentication
  • Authorize and delegate system commands
  • Catch attempted security breaches

Before You Begin…

To fully benefit from Locum 360, it’s critical that you load all components of the software onto all MCP instances, in all systems, and all software editions, including disaster recovery/business continuity implementations.

Please note that all four Locum 360 modules can be licensed together and activated with a single unique software license key. Alternatively, if you already have one or more modules already active, you can license and activate each module separately using the key unique to that module.

Please visit our web site to learn more about Locum 360. And for a deeper dive into the world of PCI compliance, please read our recently updated white paper.