Payment Card Industry (PCI) Solution

Implementation: Section 4

PCI Requirement	Check Point Solution
4. Encrypt transmission of cardholder across open, public networks
4.1 Use strong cryptography and security protocols such as secure sockets layer (SSL)/transport layer security (TLS), and Internet protocol security (IPSec) to safeguard sensitive cardholder data during transmission over open, public networks (includes sub-requirement for encryption in wireless networks).	Check Point's remote access solutions, VPN-1 and Connectra, provide strong encryption for data during transmission over open networks using standards-based encryption protocols. VPN-1 supports SSL- and IPSec-encrypted communication protocols. Connectra supports SSL- and TLS-encrypted communication protocols. In addition, both products support the MD5 and SHA-1 protocols to ensure the integrity of secure transmissions involving cardholder data. UTM-1 Edge, which provides Wi-Fi access as part of the solution, employs IPSec-over-WLAN encryption and enables the regular rotation of WEP keys. It supplements WEP, WPA, and WPA with inspection by Check Point's firewall, intrusion prevention, and antivirus technologies. Users who use IPSec over WLAN rather than WEP can be granted higher access rights, as well. Check Point VARs, SIs, and business partners can provide consulting services to deploy Check Point solutions within an organization to deliver the encrypted communication requirements outlined in section 4.1.
4.2 Never send unencrypted primary access numbers (PANs) by email.	Check Point remote access solutions, including VPN-1 and Connectra, can ensure that email communications that may contain PANs are encrypted as required by this section. Check Point VARs, SIs, and business partners can provide consulting services to deploy Check Point solutions with an organization's email system to deliver the encrypted communication requirements outline in this section.

PCI Requirement

Check Point Solution

4. Encrypt transmission of cardholder across open, public networks

4.1 Use strong cryptography and security protocols such as secure sockets layer (SSL)/transport layer security (TLS), and Internet protocol security (IPSec) to safeguard sensitive cardholder data during transmission over open, public networks (includes sub-requirement for encryption in wireless networks).

Check Point's remote access solutions, VPN-1 and Connectra, provide strong encryption for data during transmission over open networks using standards-based encryption protocols. VPN-1 supports SSL- and IPSec-encrypted communication protocols. Connectra supports SSL- and TLS-encrypted communication protocols. In addition, both products support the MD5 and SHA-1 protocols to ensure the integrity of secure transmissions involving cardholder data.

UTM-1 Edge, which provides Wi-Fi access as part of the solution, employs IPSec-over-WLAN encryption and enables the regular rotation of WEP keys. It supplements WEP, WPA, and WPA with inspection by Check Point's firewall, intrusion prevention, and antivirus technologies. Users who use IPSec over WLAN rather than WEP can be granted higher access rights, as well.

Check Point VARs, SIs, and business partners can provide consulting services to deploy Check Point solutions within an organization to deliver the encrypted communication requirements outlined in section 4.1.

4.2 Never send unencrypted primary access numbers (PANs) by email.

Check Point remote access solutions, including VPN-1 and Connectra, can ensure that email communications that may contain PANs are encrypted as required by this section.

Check Point VARs, SIs, and business partners can provide consulting services to deploy Check Point solutions with an organization's email system to deliver the encrypted communication requirements outline in this section.

Go to Check Point Product Info:

Return to Implementation