March 4, 2019

How to Secure Data for PCI Compliance with macOS

The payment card industry data security standard, or PCI, is a key compliance standard that virtually any business that processes payment card data must follow. A business that cannot meet PCI compliance requirements will be hard-pressed to do business using credit or debit card-based transactions—a critical handicap in a modern market where, according to data from Statista, 29.5% of all transactions made in 2017 were done using a personal credit card, 9.2% on a debit card, and only 8% via cash or check. PayPal was the second most common payment method, accounting for 14.8% of transactions.

Because of the prevalence of electronic transaction methods and the dwindling use of cash/checks, businesses need to meet PCI compliance standards so they can tap into the larger pool of potential customers that accepting credit and debit transactions brings.

So, how can your business achieve PCI compliance? Better yet, how can you secure data for PCI compliance with macOS devices?

Here are a few tips for securing data to achieve PCI compliance on Mac computers and mobile devices:

Get to Know the Requirements

The first step in achieving PCI compliance on Mac computers—or with any type of operating system—is knowing what the requirements are in the first place. The PCI Security Standards Council has a document that clearly outlines their secure software requirements. These requirements are broken into two components—a set of “core requirements” for payment software, and a set of “account data protection” measures specifically meant to protect cardholder data and authentication data.

The core requirements specified in the PCI Security Standards Council document are meant to achieve four main security objectives:

  1. Minimize the attack surface
  2. Employ software protection mechanisms
  3. Secure software operations
  4. Secure software lifecycle management

In other words, a core part of meeting PCI compliance with macOS devices is to engage protection methods that minimize your exposure to attacks and to manage the software that runs on your Macs so that the risk of that software being compromised is reduced as far as possible.

Ensure You Have Control Over Software Installs on Your Macs

One way to secure data—and thus achieve PCI compliance on Macs—is to restrict user permissions on your macOS devices so that users cannot install or run unauthorized software programs. When users install non-work software programs on work devices, they run the risk of creating vulnerabilities in your network or even outright installing malware on their macOS devices.

By using a security configuration tool to create a whitelist of approved software programs, you can prevent employees from downloading and installing potentially malicious software—helping to improve cybersecurity and achieve PCI compliance.

Enforce Use of Data Encryption for ALL Payment Card Transactions

In the PCI compliance document, test requirement 1.1.f states that “The assessor shall examine vendor evidence and test the software to identify the cryptographic implementations that are supported by the software, including (but not limited to) cryptography used for storage, transport, and authentication.” In other words, the PCI Security Standards Council’s assessors will check to verify that proper encryption methods are applied to data at rest and data in transit.

As such, enabling encryption is a must for achieving PCI compliance with macOS devices. Failing to encrypt data means failing to achieve PCI compliance.

Have a Means of Quickly Verifying Device Security Status

PCI compliance assessors need to be able to quickly verify that the individual devices on your network are using all of the proper security configurations. However, checking this manually can be an enormous hassle. Having a security configuration tool with a dashboard view that provides at-a-glance verification of each macOS device in your company’s network can help save time during an assessment. It also demonstrates to assessors that you have an established means of rapidly verifying device security status, which helps meet PCI security testing criteria.
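The encryption and device-status checks described above can be scripted so that an assessor-ready answer comes from the device itself rather than from a manual walkthrough. The following is an added example, not code from the original post or from Kandji: it reads the output of two real macOS commands, `fdesetup status` (FileVault, encryption at rest) and `spctl --status` (Gatekeeper, which blocks unapproved software), and turns them into a one-line PASS/FAIL posture report. The hostnames and command output used when the script runs off a Mac are constructed sample values.

```shell
#!/bin/sh
# Added example: minimal PCI-style posture check for a Mac.
# Parsing is separated from collection so the logic can be tested on any platform.

# Return 0 when the given `fdesetup status` output shows full-disk encryption enabled.
filevault_compliant() {
  case "$1" in
    *"FileVault is On."*) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 when the given `spctl --status` output shows Gatekeeper assessments enabled.
gatekeeper_compliant() {
  case "$1" in
    *"assessments enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build a one-line report: "<host> FileVault=PASS Gatekeeper=FAIL OVERALL=FAIL".
# Arguments: hostname, `fdesetup status` output, `spctl --status` output.
posture_report() {
  host="$1"; fv_out="$2"; gk_out="$3"
  overall=PASS
  if filevault_compliant "$fv_out"; then fv=PASS; else fv=FAIL; overall=FAIL; fi
  if gatekeeper_compliant "$gk_out"; then gk=PASS; else gk=FAIL; overall=FAIL; fi
  printf '%s FileVault=%s Gatekeeper=%s OVERALL=%s\n' "$host" "$fv" "$gk" "$overall"
}

# On a real Mac, collect live output from the two commands; elsewhere fall back to
# constructed sample output so the script can still be exercised.
if command -v fdesetup >/dev/null 2>&1 && command -v spctl >/dev/null 2>&1; then
  FV_OUT=$(fdesetup status 2>/dev/null)
  GK_OUT=$(spctl --status 2>/dev/null)
  posture_report "$(hostname)" "$FV_OUT" "$GK_OUT"
else
  # Constructed samples: one compliant device, one with FileVault disabled.
  posture_report "mac-sample-01" "FileVault is On." "assessments enabled"
  posture_report "mac-sample-02" "FileVault is Off." "assessments enabled"
fi
```

Run from an MDM script or a login hook and ship the line to a central log, and the OVERALL field becomes the at-a-glance status an assessor asks for.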

Ensure That You Have Security Blueprints to Instantly Configure New Devices

Another major sticking point in the payment card industry security standard is that control objective 2.2 requires that “all software security controls, features, and functionalities are enabled upon software installation, initialization, or first use.”

This makes onboarding of new IT assets a crucial part of achieving PCI compliance. Here, it helps to have a security configuration tool that lets you define a robust set of security-setting blueprints, so that new macOS devices can be enrolled into an existing blueprint and become data security compliant immediately.

So, how can you make following each of the above-mentioned requirements easy? One way is to use Kandji for macOS. With Kandji, you have:

  1. A single dashboard for checking all of your macOS devices based on their security status.
  2. Automated enforcement of security settings with offline configuration checks.
  3. Codeless security configurations to enable software whitelisting/blacklisting and over a hundred other security settings.
  4. Role-based security blueprints to slot new Macs into quickly and easily.

Curious about how Kandji can help you achieve PCI compliance on Macs? Try out the software for yourself for free on up to 10 macOS devices now!
