The Barracuda Web Application Firewall assist organizations of all types that store, process and/or transmit credit card numbers, comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. In response to increased identity theft incidents and security breaches, major credit card companies collaborated in Sept. 2006 to create the 12 procedural and system requirements, commonly known as PCI DSS to standardize how to store and access Primary Account Number (PAN) information.
PCI DSS 2.0 was released in October of 2010 with two additional Evolving Requirements that pertain to section six (6) i.e. Develop and maintain secure systems and applications. A new update in section 6.2 mandates a formal risk assessment to classify High Risk vulnerabilities that apply within the organizations Cardholder Data Environment (CDE). An additional section, 6.5.6 adds new compliance requirements and testing to address high-risk vulnerabilities identified in the updated section 6.2. Both changes are currently an optional Best Practice but become mandated requirements on July 1, 2012.
The Barracuda Web Application Firewall provides strong protection that help merchants and organizations meet PCI DSS compliance requirements. It secures web applications against web attacks and vulnerabilities, including the latest High Risk vulnerabilities listed by the PCI council.
Payment Card Industry Data Security Standard (PCI DSS) Requirements
The 12 PCI DSS requirements are organized into 6 main categories. To be fully compliant, an organization must satisfy all 12 requirements.
- Maintain a Secure Network: Requirements 1 and 2
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data: Requirements 3 and 4
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program: Requirements 5 and 6
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Implement Strong Access Controls: Requirements 7, 8, and 9
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Regularly Monitor and Test Networks: Requirements 10 and 11
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain an Information Security Policy: Requirement 12
- Maintain a policy that addresses information security
Source: PCI Security Standards version 2.0 - http://www.PCISecurityStandards.org.
Barracuda Networks Enables PCI DSS Compliance
The Barracuda Web Application Firewalls are designed as easy and cost-effective solutions to achieve PCI DSS compliance. In addition to satisfying the time-sensitive need to install a Web application firewall into your network for PCI DSS Section 6.6 compliance, the Barracuda Web Application Firewall further ensures PCI DSS compliance with a host of other advanced technologies.
The Barracuda Web Application Firewall enables PCI DSS compliance across major requirements:
| Requirement | Barracuda Web Application Firewall |
| 1 - Install a Firewall | Acts as a Web application firewall |
| 3 - Protect data | Proxies Web traffic and insulates Web servers from direct access by attackers |
| 4 - Encryption | Provides easy SSL encryption even if the application or server does not enable SSL |
| 6 - Protect Against Vulnerabilities | Blocks known and zero-day attacks as well as the industry-accepted top 10 Web application vulnerabilities for custom development, legacy and third-party applications |
| 7 - Restrict Access | Provides role-based administration to security policies |
| 10 - Track and Monitor Access | Logs and reports application access and security violations |
Related Information
Technology Partners See more..
Awards More Awards..
Customer Spotlight See more..
Customer Feedback See more..
The Barracuda Web Application Firewall has helped us manage several international enterprise Web applications, including Web-based email. The easy load-balancing and scalability enables us to have nearly 100 percent uptime while providing the quick response times that users expect. With its superior security features, the Barracuda Web Application Firewall protects our network from malicious application layer attacks, and allows us to deploy widely available cost-effective services within our budget. Since deployment, we have seen an increased usage of our Web applications and services.
