MAX Remote Management goes beyond PCI DSS requirements
What Are the Payment Card Industry Data Security Standards (PCI DSS)?
PCI DSS is a set of rules that set the standards for processing, storing, and transmitting credit card information. Established and maintained by the Payment Card Industry Security Standards Council, the standards were set to minimize credit card fraud and theft on consumer transactions.
Is MAX Remote Management PCI DSS Compliant?
MAX Remote Management is not subject to PCI DSS rules; however, our security goes well beyond the requirements stated in the PCI DSS standards. PCI DSS applies to any organization that processes one or more of the top five major credit cards. However, these rules do not apply directly to the MAX Remote Management application because MAX Remote Management does not process, contain, transmit, store, or receive credit card information of any kind. However, our application uses stricter security standards, outlined in the following section.
How Does MAXfocus Provide Security Above and Beyond the PCI DSS Requirements?
Despite the fact MAX Remote Management is not subject to PCI DSS, we still go beyond the formal data security requirements in the respect that:
- All transmissions between MAX Remote Management and agents are encrypted
- No user can access systems without a unique user ID and password
- Users can enable two-factor authentication and IP whitelisting
- We log all application activity, providing an audit trail for any issues
- Our advanced monitoring agent can be used without any Internet-facing open ports
- Teamviewer, the service that provides remote access, uses two-factor authentication to provide additional security and generates a unique session code for each session
- We log out accounts with idle dashboards after an inactivity period
Additionally, we regularly assess the MAXfocus infrastructure for the following vulnerabilities:
- Injection flaws—particularly SQL injection, command injection, LDAP injection, and XPath injection
- Buffer overflow
- Insecure cryptographic storage
- Insecure communications
- Improper error handling
- Cross-site scripting (XSS)
- Improper access control (such as insecure direct object references, failure to restrict URL access, and directory traversal)
- Cross-site request forgery (CRSF)
- Internal and external network vulnerability scans at least quarterly
You can learn more about PCI DSS at the PCI Security Standards Council website.