PCI DSS: §10.4 Compliance and the Need for Provable Time
Certichron's SecureNTP™ service is the only solution that fully meets PCI DSS §10.4 requirements!
How important is it to your business to be able to prove compliance with the PCI DSS? The answer is likely, "very important". From the Self-Assessment Questionnaire to the periodic QSA reviews, monitoring, logging and auditing are cornerstones of developing compliant PCI DSS practices. Simply put, you must be able to prove your compliance with the Standards. But can you prove that your §10.4 time-setting practices are compliant?
For example, can you prove what source (GPS, NIST, USNO, pool.ntp.org, etc.) provided your time? Can you prove you received the correct time from the source? Does your time provider offer a service level agreement to ensure the accuracy, availability and reliability of the time-setting services? Can you prove that your time records have not been altered? If your business is involved in litigation five or ten years from now and the time settings for your transaction records or logs are critical to proving your case, will you be able to conclusively show that the data is reliable? If you answered no to any of these questions, you need SecureNTP™.
The SecureNTP™ service by Certichron provides full compliance with PCI DSS Requirement §10.4 (along with Requirements 6.1 & 6.2) in one simple package. The service can be implemented by small, medium and large merchants, data collectors and processors - usually without any need for new software or equipment. If you would like to learn more about the SecureNTP™ service, please contact us or read further about how SecureNTP™ meets the detailed requirements of Section 10.4.
Further information on DSS §10.4 Requirements:
- Detailed Analysis of §10.4 Compliance Requirements
- Evidence and the Need for Provable Time