Payment Card Industry (PCI) Solution
Implementation: Section 8
| PCI Requirement | Check Point Solution |
|---|---|
| 8. Assign a unique ID to each person with computer access | |
| 8.1 Identify all users with a unique user name before allowing them to access system components or cardholder data. | Authentication is an essential part of all Check Point solutions, including Check Point VPN solutions, as well as user authentication for VPN-1. VPN-1 supports multiple databases for authentication, including an internal database, Microsoft Active Directory, or OPSEC-certified LDAP and RADIUS databases. Check Point VARs, SIs, and business partners can provide consulting services to help an organization define an ID program that assigns users unique IDs for use with Check Point solutions. |
| 8.2 In addition to assigning a unique ID, employ at least one of the methods below to authenticate all users: | Check Point supports many user authentication mechanisms across all our products. VPN-1 and Connectra support password, token, digital certificate, and one-time-password authentication for entities seeking access to protected cardholder data, through both internal and external (OPSEC) partnership capabilities. Check Point provides an integrated certificate authority (X.509 digital certification) for both user and entity authentication. This enables users to have strong authentication between different entities without having to deploy a separate certificate authority, thus providing a simpler means to comply. Check Point also supports shared secrets for VPNs and supports an internal user database with user names/passwords or domain passwords. Check Point VARs, SIs, and business partners can provide consulting services to help an organization choose and deploy an authentication mechanism that fits the needs of the organization, works with Check Point solutions, and meets the needs of section 8.2. |
| 8.3 Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS) or terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates. | Check Point can support two-factor authentication across a wide range of solutions. VPN-1 solutions offer a multitude of authentication options, including RADIUS, TACACS, and token cards. In addition, VPN-1's OpenPKI ensures that it is compatible with leading PKI solutions from vendors such as Baltimore Technologies, Entrust, and VeriSign, enabling organizations to manage very large IPSec VPN deployments. Check Point's unique Hybrid Mode Authentication allows organizations to deploy IPSec VPNs while leveraging existing authentication schemes such as SecurID tokens. Organizations that wish to implement strong authentication "out of the box" can use Check Point One-Click Certificates. With an Internal Certificate Authority included with VPN-1 Power, VPN-1 UTM, and VPN-1 UTM Power, X.509 digital certificates can be issued to VPN-1 gateways and VPN-1 SecureClient users. One-Click Certificates provide industry-standard, two-factor authentication without the complexity and expense of PKI systems. Connectra can support two-factor authentication using a combination of username and password (through LDAP and RADIUS), along with PKI certificates or third-party OPSEC authentication tokens. Check Point VARs, SIs, and business partners can provide consulting services to help an organization define the authentication systems and strategy that fit the needs of each individual organization and that complement Check Point solutions to address this requirement. |
| 8.4 Encrypt all passwords during transmission and storage on all system components. | All passwords are fully encrypted during transmission using Check Point Secure Internal Communication (SIC) and are stored internally encrypted. |
| 8.5 Ensure proper user authentication and password management for non-consumer users and administrators on all system components | Check Point access solutions support proper authentication and password management for all users, including guest, non-consumer, and administrators on all system components. Check Point VARs, SIs, and business partners can provide consulting services to help define the process-related portions of section 8.5 that are enforced by Check Point solutions. |