Account Log in

This is my sixth post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS).  This specific post is related to requirement seven (i.e. the requirement to restrict access to cardholder data by business need to know).  The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

Section 7 of the PCI DSS standard talks about access control and limiting the privileges of administrative accounts.  IdM can play a big role in addressing these requirements.  IdM provides several key features that are related to access control and privileged account management.  The first one is

host-based-access-control (HBAC).  With HBAC, one can centrally define which groups of users can access which groups of systems using which login services.  Another feature is an ability to centrally define sudo rules that control which users can run which commands on which systems as other users (usually as root).  Yet another capability worth mentioning is the ability to define how user account are mapped to the SELinux user.  Using this feature one can, for example, prevent developer accounts from touching executables on production machines while still enabling them read access to some of the parts of the application data and log(s) for better troubleshooting of potential bugs or misconfigurations.

Questions about how Identity Management relates to requirement seven? Reach out using the comments section (below).


About the author

Red Hat logo LinkedInYouTubeFacebookTwitter

Products

Tools

Try, buy, sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now

Select a language

© 2022 Red Hat, Inc.