Protect Cardholder Data

The following are recommendations and information for the Protect Cardholder Data requirements.

Requirement 3: Protect stored cardholder data

Recommendations and Information for Requirement 3.1

The source system data should not be exposed directly to Omni-Gen for processing. The source data, which resides in the client's existing infrastructure, should be protected according to the client's existing requirements. As data is presented (on-ramped) to Omni-Gen, the client should select only the data required for processing, and any sensitive data should be properly masked. The client is advised to limit intermediate storage of data and to protect direct access to the data store.

Recommendations and Information for Requirements 3.2, 3.3, and 3.4

Developers and operations users responsible for creating Omni Governance views into the data, across the Omni 360 Viewer and Omni Remediation, are responsible for ensuring that sensitive data is not presented to unauthorized users. Where data must be presented to a user, the sensitive data, or the sensitive part of it, should be masked according to the guidelines.
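As an added illustration of the on-ramp selection and masking described above for Requirements 3.1 through 3.4 (example code written for this page, not Omni-Gen's own API or configuration), the block below keeps only the fields selected for processing, drops sensitive authentication data rather than storing it, masks the PAN to the digits a display is allowed to show, and scans the remaining text fields for PAN-like values that leaked into free text. The field names, the sample record and the selection set are assumptions; the card numbers are the publicly known test numbers, not real cardholder data.

```python
import re

# Field names are assumed; the real on-ramp schema is client-specific.
PAN_FIELD = "pan"
# Sensitive authentication data must not be stored after authorization
# (PCI DSS 3.2), so these fields are dropped rather than masked.
NEVER_STORE = {"cvv", "track_data"}

# 13 to 19 digits, optionally separated by spaces or hyphens, starting and
# ending on a digit so that surrounding text is never swallowed by the match.
PAN_PATTERN = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check; every real PAN passes it, so it cheaply separates
    card-number-like strings from other long digit runs (order ids, phone numbers)."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 0, keep_last: int = 4) -> str:
    """Replace the middle of a PAN with '*'. PCI DSS 3.3 permits at most the
    first six and last four digits to be displayed; the default keeps only
    the last four, which is enough for most remediation views."""
    if keep_first > 6 or keep_last > 4:
        raise ValueError("display may show at most the first six and last four digits")
    digits = re.sub(r"\D", "", pan)
    hidden = len(digits) - keep_first - keep_last
    if hidden <= 0:
        return "*" * len(digits)
    tail = digits[len(digits) - keep_last:] if keep_last else ""
    return digits[:keep_first] + "*" * hidden + tail


def on_ramp(record: dict, selected: set) -> tuple:
    """Build the record Omni-Gen may process: only selected fields survive,
    the PAN is masked, authentication data is dropped, and PAN-like values
    hiding in other string fields are masked and reported as findings."""
    findings = []
    out = {}
    for name, value in record.items():
        if name not in selected or name in NEVER_STORE:
            continue
        if name == PAN_FIELD:
            out[name] = mask_pan(str(value))
            continue
        if isinstance(value, str):
            def _mask(match, field=name):
                raw = re.sub(r"\D", "", match.group(0))
                if luhn_valid(raw):
                    findings.append(f"PAN-like value found in field '{field}'")
                    return mask_pan(raw)
                return match.group(0)
            value = PAN_PATTERN.sub(_mask, value)
        out[name] = value
    return out, findings


# Constructed sample record; the card numbers are public test numbers.
SAMPLE_RECORD = {
    "customer_id": "C-1001",
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/27",
    "notes": "customer called about card 5500 0000 0000 0004 twice",
    "ssn_last4": "6789",
}
SELECTED_FIELDS = {"customer_id", "pan", "cvv", "expiry", "notes"}

if __name__ == "__main__":
    masked, findings = on_ramp(SAMPLE_RECORD, SELECTED_FIELDS)
    print(masked)
    for finding in findings:
        print("finding:", finding)
```

The findings list is the part worth wiring into monitoring: a PAN turning up in a notes or description field means the source system is leaking cardholder data outside the fields the client intended to protect, and that is a data-flow problem to fix upstream rather than something the on-ramp should silently absorb.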

For critical and sensitive data at rest in the data store, the client is advised to follow the PCI compliance instructions specific to that data store (for example, the database) to protect it from unintended access.

Requirement 4: Encrypt transmission of cardholder data across open, public networks

The client is advised to use TLS and proper WSO2 role-based configuration for consumer-facing applications, such as the Omni Governance Console. Sensitive data should not be transmitted to or presented in the Omni Governance Console unless the user is within the trusted network and protection of the sensitive data can be guaranteed by the network configuration.