According to Wikipedia, the unicorn is a legendary animal that has been described since ancient times as a beast with a large, pointed, spiraling horn projecting from its forehead. So how does this relate to someone asking whether a device or product is Payment Card Industry (PCI) compliant? Because when speaking of something legendary and elusive, you must explain exactly how the story evolved into modern lore.
PCI DSS (Data Security Standard) is the standard that details credit card security requirements. Any company that handles credit card processing needs to follow it.
A couple of the more fanciful pieces of PCI lore are:
  • Is [Product A] PCI Compliant? With PCI, vendor organizations do not certify devices. See the "Santa Claus, Unicorns, PC Compliant products" blog.
  • Does [Product A] meet all PCI requirements? Some of the requirements are process-related items and have nothing to do with the product. The right thing to say is that a product meets the PCI DSS security requirements – and to show exactly which requirements are met with the product and how it must be configured.
NetScaler handles and addresses all the areas required to meet PCI requirements where an Application Delivery Controller and Web Application Firewall provide value. NetScaler has been meeting the requirements for several years now; see NetScaler PCI.
NetScaler has evolved and follows the PCI 2.0 requirements, and it is Common Criteria certified as well as ICSA Labs certified. The ICSA Labs WAF certification ensures our Application Firewall is WAF certified and has all the required security features and therefore follows the PCI standards. See the previous Common Criteria and ICSA Labs certification blog for detailed reports on each certification.
Someone may also ask if SDX is a PCI compliant product – the same answer applies, since the same NetScaler software that went through the certifications runs on SDX. Here is a summary of what NetScaler does for PCI DSS:
  • Enforces secure use of applications and protocols
  • Ensures authentication of users and processes
  • Blocks or masks credit cards from being displayed
  • Provides for centralized policy configuration
  • Generates detailed logging, alerting and reporting with actual PCI reports
Don’t chase unicorns – get the facts and the reports to back them up.  NetScaler is the only ADC/WAF with built-in PCI configuration reporting.