Request Demo
Platform CapabilitiesPolicy Creation and ManagementFile Sharing and CollaborationFile Transfer AutomationFully Governed Email DataData Streaming with Next-gen DRMControlled AI Data AccessSecure Data Intake Via Online Forms
Use CasesControl Data ExchangeMeet Regulatory RequirementsSafeguard Private AI Data
PartnersTechnology PartnersMSP & MSSP PartnersResellers & Channel Partners
ResourcesResource CenterDevelopersCustomers
CompanyAbout UsManagementInvestorsCareersTechnical SupportNewsroomTrust PageVulnerability CenterContact Us
Request Demo
Mouseover to personalize your Kiteworks website experience

PCI DSS

Protect cardholder data with enterprise-grade encryption, access controls, and network security that meets Payment Card Industry Data Security Standards.

PCI DSS Content

How Kiteworks Supports PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) establishes comprehensive security requirements for any organization that stores, processes, or transmits cardholder data. With the release of PCI DSS v4.0, these requirements have become more rigorous, demanding a customized approach to security controls. Kiteworks provides enterprise-grade capabilities that help organizations meet PCI DSS requirements and protect sensitive payment card data throughout its lifecycle.

Addressing the 12 PCI DSS Requirements

PCI DSS is organized around 12 core requirements grouped into six control objectives. Kiteworks directly supports compliance across multiple requirements:

  • Requirement 1 - Network Security Controls: Kiteworks deploys as a hardened virtual appliance with built-in web application firewall (WAF), network firewall, and intrusion detection system (IDS), establishing strong network segmentation between cardholder data environments and untrusted networks
  • Requirement 2 - Secure Configurations: Pre-hardened appliance architecture eliminates vendor-supplied defaults and enforces secure configurations out of the box
  • Requirement 3 - Protect Stored Data: AES-256 encryption protects all stored cardholder data, with customer-controlled encryption keys ensuring only authorized personnel can decrypt sensitive information
  • Requirement 4 - Encrypt Transmissions: TLS 1.3 encryption protects cardholder data during transmission over open, public networks
  • Requirement 7 - Restrict Access: Role-based access controls enforce least-privilege principles, ensuring only authorized personnel access cardholder data
  • Requirement 8 - Identify Users: Multi-factor authentication, unique user IDs, and strong password policies verify user identity before granting access
  • Requirement 10 - Log and Monitor: Comprehensive, immutable audit trails track all access to cardholder data and network resources
  • Requirement 12 - Security Policies: Centralized policy management supports the documentation and enforcement of information security policies

Cardholder Data Protection

Protecting cardholder data is the primary objective of PCI DSS. Kiteworks secures cardholder data through multiple layers of protection:

  • Data classification: Identify and classify files containing cardholder data, primary account numbers (PANs), and sensitive authentication data
  • Encryption at rest: AES-256 encryption ensures stored cardholder data remains unreadable to unauthorized users
  • Encryption in transit: TLS 1.3 protects cardholder data during all network transmissions
  • Key management: Customer-controlled encryption keys with proper key rotation and secure storage procedures
  • Data retention controls: Automated retention policies ensure cardholder data is securely deleted when no longer needed for business, legal, or regulatory requirements
  • Rendering data unreadable: Strong cryptography ensures that even if storage media is compromised, cardholder data cannot be read

Access Controls and Authentication

PCI DSS requires strict access controls to prevent unauthorized access to cardholder data. Kiteworks provides:

  • Role-based access controls (RBAC): Define granular permissions based on job function and business need-to-know
  • Multi-factor authentication (MFA): Require two or more verification methods for all access to cardholder data environments
  • Unique user identification: Every user receives a unique ID, ensuring all actions are attributable to individual users
  • Password management: Enforce strong password requirements including minimum length, complexity, and regular rotation
  • Session management: Automatic session timeout after periods of inactivity to prevent unauthorized access
  • Privileged access management: Additional controls and monitoring for administrative access to systems containing cardholder data

Network Segmentation and Security

Reducing the cardholder data environment (CDE) scope through proper network segmentation is essential for PCI DSS compliance. Kiteworks supports network security through:

  • Hardened virtual appliance: Minimal attack surface with only necessary services and ports enabled
  • Built-in WAF: Protect web-facing applications from common attacks including SQL injection and cross-site scripting
  • Intrusion detection: Real-time monitoring for suspicious network activity and potential security breaches
  • DMZ deployment: Deploy in demilitarized zones to isolate cardholder data from internal networks
  • Micro-segmentation: Limit lateral movement within the network to contain potential breaches

PCI DSS Requirements Coverage

Requirement Description Kiteworks Capability
Req. 1 Install and maintain network security controls Built-in WAF, firewall, IDS, network segmentation
Req. 2 Apply secure configurations Pre-hardened appliance, eliminated defaults
Req. 3 Protect stored account data AES-256 encryption, customer-controlled keys
Req. 4 Protect data with strong cryptography in transit TLS 1.3, SFTP, S/MIME encryption
Req. 7 Restrict access by business need RBAC, least-privilege defaults, folder permissions
Req. 8 Identify users and authenticate access MFA, unique IDs, strong password policies
Req. 10 Log and monitor all access Immutable audit trails, SIEM integration, CISO Dashboard
Req. 12 Support with organizational policies Centralized policy management and enforcement

Logging, Monitoring, and Incident Response

PCI DSS requires comprehensive logging and monitoring to detect and respond to security incidents. Kiteworks provides:

  • Immutable audit trails: Tamper-proof logs capture every action on cardholder data—who accessed what, when, and from where
  • SIEM integration: Export logs to security information and event management platforms for centralized analysis and correlation
  • CISO Dashboard: Real-time visibility into all data access patterns and security events
  • Anomaly detection: Identify unusual access patterns that may indicate a security breach
  • Incident response support: Forensic-grade logging enables rapid investigation and containment of security incidents
  • Compliance reporting: Generate PCI DSS-aligned reports for Qualified Security Assessor (QSA) reviews

Why Choose Kiteworks for PCI DSS Compliance

Kiteworks helps organizations reduce PCI DSS scope and strengthen cardholder data protection:

  • Scope reduction: Centralize cardholder data communications through a single platform to minimize PCI DSS scope
  • Single-tenant isolation: Dedicated instances eliminate the shared-infrastructure risks of multi-tenant solutions
  • FIPS 140-3 validated encryption: Meet the strongest cryptographic standards required by PCI DSS
  • Automated compliance evidence: Reduce QSA assessment preparation time with one-click compliance reports
  • Flexible deployment: On-premises or private cloud deployment to meet your cardholder data environment requirements

From protecting primary account numbers to maintaining comprehensive audit trails, Kiteworks provides the security infrastructure that merchants, payment processors, and service providers need to achieve and maintain PCI DSS compliance while enabling secure business communications.