BlueCross BlueShield
EE logo black
PCI DSS is complex. Imperva has you covered.

The PCI DSS is complex. Imperva has you covered.

The PCI DSS has 11 high-level requirements that impact web, database, and file security. Imperva meets the following of PCI DSS requirements.

Make compliance easier

PCI 6.1 Establish a process to identify security vulnerabilities

SecureSphere Database Assessment discovers databases on the network, identifies, and classifies PCI data within databases, identifies database vulnerabilities and misconfigurations, and then prioritizes mitigation by calculating risk based on data sensitivity and the severity of vulnerability. Additionally, Imperva ThreatRadar feeds that profile malicious bots, bad IPs, flagged visitors, and more—leading to a more proactive process that identifies emerging security vulnerabilities.

PCI 6.4.3 Production data is not to be used for testing/development

Imperva Camouflage Data Masking replaces sensitive data with realistic fictional data to ensure that privacy is intact and hackers don’t have the opportunity to steal vulnerable production data.

Protect public-facing web applications

PCI 6.6 Protect public-facing web applications

Imperva SecureSphere web application firewall protects applications and offers virtual patching to eliminate the window of exposure that comes with manual code fixes.

PCI 7 Restrict access to cardholder data by need-to-know

You are required to limit data access to the minimum necessary for employees to do their jobs. Imperva SecureSphere Database Audit and Protection controls user access to ensure only those who are authorized can access sensitive data. It also determines how users are accessing data, so you can manage data effectively. Imperva Camouflage data masking limits the amount of personal data held and processed, with data replacement that is functional and statistically accurate.


PCI 8.1.4 Remove/disable inactive user accounts within 90 days

You must demonstrate secure user authentication and password management processes, including disabling accounts after 90 days of inactivity. Terminated users also must have their access privileges revoked. Imperva SecureSphere automates this process for you.

Track and monitor all access to network resources and cardholder data

PCI 10 Track and monitor all access to network resources and cardholder data

There are stringent tracking requirements that mandate you track all user activity, monitor every transaction and audit privileged user activity. Imperva SecureSphere and Imperva CounterBreach monitor and track all user activity without degrading server performance, needing application changes or requiring in-house audit management tools. Easy reporting grants visibility into all database and file server activity by external and internal users.

Stops ransomware in its tracks

PCI 11.5 Alert personnel to unauthorized modification of files

Imperva SecureSphere File Firewall and Imperva CounterBreach create baselines of “normal” user behavior, then track all user behavior and alert you to any activity that deviates from the norm. You’ll see who is accessing data and how it’s being accessed – giving you time to respond immediately before a major breach can happen.

Why choose Imperva for PCI DSS compliance?

Always-on data security solutions

Imperva SecureSphere, Imperva CounterBreach and Imperva Camouflage provide always-on, robust data protection solutions that automate data security and protect websites, applications and databases wherever you deploy them.

Trusted by industry leaders

Thousands of customers worldwide, including financial services firms, healthcare companies and government agencies, rely on Imperva to protect critical, sensitive data and applications and ensure compliance.

Cybersecurity experts

The Imperva research team is among the most talented and experienced in the world and offers exceptional insight into both published and unpublished security threats.

republic bank Imperva [SecureSphere] was the product for us based on three key factors. One was functionality of the product. Two was ROI or total cost of ownership. And three was ease of management. At the end of the day, that was one of the things that really separated Imperva from the competition. Ross Bobenmoyer VP of Information Security Read case study ›

    PCI DSS Resources

    PCI DSS Solution Brief


    Find out in-depth how Imperva meets PCI DSS requirements.

    Read report ›

    SecureSphere Data Security Datasheet

    Learn how SecureSphere works to keep data safe.

    Read datasheet ›
    How to stop web app attacks

    How to Stop Web Application Attacks

    Discover how to stop web app attacks with Imperva.

    Watch video ›