4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks. Examine documented standards and compare to system configurations to verify the use of security protocols and strong cryptography for all locations. | Sheriff NIDS can detect plaintext PAN in network traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | Event Correlation |
To verify that credit card data is not being stored in plain text, create a Security Events View with a search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | Create Custom Reports from SIEM Events |
4.1.c Select and observe a sample of inbound and outbound transmissions as they occur (for example, by observing system processes or network traffic) to verify that all cardholder data is encrypted with strong cryptography during transit. | Sheriff NIDS can detect plaintext PAN in network traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | Event Correlation |
To verify that credit card data is not being stored in plain text, create a Security Events View with a search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | Create Custom Reports from SIEM Events |
4.1.e Examine system configurations to verify that the protocol is implemented to use only secure configurations and does not support insecure versions or configurations. | Sheriff CSM can test for the use of insecure versions of SSL and TLS. NIDS data and Vulnerability Scan data combined can assist with this. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
| Creating a Custom Scan Profile |
Run a Vulnerability Scan using the custom scan profile that was created. | Performing Vulnerability Scans |
Export the successful scan results and review the findings to determine whether the system is configured correctly. | Viewing the Scan Results |
4.1.f Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.) | The Vulnerability Scan in Sheriff CSM and Sheriff NIDS can test for the use of insecure versions of SSL and TLS. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
| Creating a Custom Scan Profile |
Run a Vulnerability Scan using the custom scan profile that was created. | Performing Vulnerability Scans |
Export the successful scan results and review the findings to determine whether the system is configured correctly. | Viewing the Scan Results |
4.2.a If end-user messaging technologies are used to send cardholder data, observe processes for sending PAN and examine a sample of outbound transmissions as they occur to verify that PAN is rendered unreadable or secured with strong cryptography whenever it is sent via end-user messaging technologies. | Sheriff NIDS can detect plaintext PAN in network traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | Event Correlation |
To verify that credit card data is not being stored in plain text, create a Security Events View with a search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | Create Custom Reports from SIEM Events |