PCI Requirement

Redbox Platform

Inherent to the MPS Architecture. The Redbox provides a multiport firewall as part of the solution to provide network access control and network segmentation. Additionally, the architecture provides a means to automate the validation of firewall rules on all Redbox systems.

Inherent to the MPS Architecture. MPS platforms have been standardized and hardened to prevent unauthorized access and are monitored centrally to ensure ongoing system integrity. Additionally, the MPS monitors configurations of POS, application files and other systems to demonstrate that hardened configurations remain in place and detect any unauthorized changes.

Cardholder data is not stored in the Reliant solution, but the solution can be extended to support features such as encryption key management depending on the POS system requirements and features of the environment.

Inherent to the MPS Architecture. Encrypts transmission of cardholder data over untrusted networks and non-cardholder data environments through an industry standard VPN that terminates at the merchant headquarters location.

All MPS components include Anti-Virus Software. The system supports use of third-party AV solutions for Windows or Linux POS hosts.

Inherent to the MPS Architecture. Supports System Development Lifecycle requirements through central management console for remote Redboxes. Changes, which range from simple patches to the addition of entirely new features, are controlled centrally and propagate across the Redbox network without the need for any remote-hands support. Additionally, the system supports use of third-party configuration control solutions such as Microsoft’s Active Directory.

Inherent to the MPS Architecture. Access control implementation is flexible depending on environment characteristics. Supports PCI requirement for “separation of duties” and for secure non-console administrative access with two-factor authentication. Additionally, the system supports use of third-party access control solutions such as Microsoft’s Active Directory.

Inherent to the MPS Architecture. See item 7 above.

Small form factor of MPS appliance allows it to be easily secured in a manager’s back office or small telecommunications closet

Inherent to the MPS Architecture. The system automates log collection and aggregation at both store and central locations. Logs are collected from a variety of systems including POS and back-office servers. MPS provides flexible log reporting and alerts on specified events.

Inherent to the MPS Architecture using a variety of technical controls, including:

• Network-based alerts can be forwarded via email or the MPS log server
  
• File Integrity Monitoring of POS and backoffice systems including daily comparison of critical windows system files
  
• Vulnerability Scanning is supported to meet the PCI requirement for quarterly scans of internal systems.
  
• Rogue Access Point Detection is supported in a manner consistent with recent guidance from the PCI Standards Council Special Interest Group for Wireless Security

Documentation of compliance is central to the solution. Reliant provides a thorough description of all controls provided by the MPS system in its MPS Auditor’s Guide. The guide meets the stringent requirements for PCI documentation as proven in repeatedly successful Level 1 PCI audits.