Is your enterprise required to keep your Azure environment PCI compliant? If so, you know how stressful it can be to provide evidence that the customer cardholder data you store in the cloud is handled according to the requirements of the Payment Card Industry Data Security Standard (PCI DSS). To ensure data security and pass the attestation of compliance (AOC), you need to start by monitoring sign-in activity and all changes to your Microsoft Azure AD configuration, which controls entry to your cloud directory service.
Azure Active Directory (AD) is the gateway to the Microsoft Azure platform and its integrated cloud services. Securing Azure AD is critical for maintaining cloud service operations, ensuring information security and passing payment card industry audit checks. Therefore, you need to protect it from unauthorized configuration changes and unwarranted logins. Microsoft Trust Center is a one-stop shop that helps you understand compliance in the Microsoft cloud and find targeted information.
To ensure Azure PCI compliance, you’ll need to align your Azure AD security controls with the following payment card industry (PCI DSS 3.2) requirements for systems access management:
Requirement 6: Develop and maintain secure systems and applications.
Requirement 8: Identify and authenticate access to system components.
Requirement 10: Track and monitor all access to network resources and cardholder data.
In addition to controlling access, you need to secure the business-critical cloud services where PCI data can be stored. In particular, you need to adhere to the following DSS compliance requirements:
Requirement 3: Protect stored cardholder data.
Requirement 7: Restrict access to cardholder data by business need to know.
Requirement 12: Maintain a policy that addresses information security for all personnel.
When your next audit check comes around, you can be sure that you’ll be able to provide qualified security assessors (QSAs) with all the necessary evidence that your Azure AD is secure. Netwrix Auditor for Azure AD delivers 360-degree visibility into security and configuration changes and reports on both successful and failed sign-ins, helping you ensure that no suspicious activity slips under your radar so you can protect your critical assets and avoid PCI DSS compliance failures. With Netwrix Auditor, you can: