Mention PCI compliance to a security professional and no doubt their eyes will glaze over as they recall the size and scope of their PCI compliance project. One way to help reduce the scope is to segment the network and isolate the cardholder data.

Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) means that a third party has performed an on-site audit of the policies and procedures that are in place to protect the cardholder data. The scope of the audit includes any and all parts of the network that may touch or carry cardholder data.

The October 2008 update of the PCI DSS documentation states that companies can reduce the PCI audit scope using network segmentation to isolate the cardholder data in a secure segment. The result can be an acceleration of compliance and a reduction in the cost and complexity of a PCI audit because only the portion of the network holding the cardholder data needs to be audited.

Palo Alto Networks' Next-Generation Firewalls

Many technologies can be used to achieve network segmentation, but Palo Alto Networks is the only firewall that can segment the network and then apply policy-based control over applications, users and content that can access the cardholder data.

  • App-ID: Enables control over the specific business applications, not just ports and protocols, that can have access to the secure segment containing the cardholder data – deny all else.
  • User-ID: Tie application usage and access control directly to user and group information from Active Directory – as opposed to a cryptic IP address.
  • Content-ID: Identify and block inbound threats of all types, monitor and control outbound transfer of cardholder data.
  • SP3 Architecture: No-compromise throughput and unmatched interface capacity to protect cardholder data.

Learn more about how Palo Alto Networks can help enterprises, particularly those with flat network architectures, reduce the cost and complexity of PCI compliance – download the Whitepaper.