


All merchants and financial institutions that store, process or transmit payment cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS) 3.1. This includes virtualization technology and the use of private clouds. Traditional physical security components that are usually deployed at the network edge make it difficult if not impossible to effectively monitor and control virtual components. It is vital for organizations using virtual technology in the Cardholder Data Environment (CDE) to adopt a software-defined security technology like Catbird Insight and Catbird Secure to protect cardholder data within that environment.

"If I had Catbird last year, it would have saved us $2M in audit costs." CISO at Top 10 Financial Institution

How Catbird Helps PCI Compliance

Catbird Insight and Catbird Secure form a unique solution engineered to automate seamless, comprehensive security and PCI DSS compliance for organizations with a virtual CDE. Catbird provides three major benefits:

1. Segments the Cardholder Data Environment

Catbird Insight enables easy segmentation of the CDE in a virtual environment with its logical zoning containers, called Catbird TrustZones. By dragging and dropping the virtual assets on the data plane that relate to the CDE, you create one or more PCI-specific Catbird TrustZones.

2. Automatically maps & manages all virtual assets in the CDE

With Catbird TrustZones, Catbird provides precise visibility and management of all virtual networks, network devices and system components. This includes a perfect inventory of all assets as they are turned on or off in the dynamic virtual environment, including mapping capability that diagrams all cardholder data flows across systems and networks. This is a new requirement in PCI DSS 3.1 (1.1.3) and is fulfilled only by Catbird for organizations with a virtual CDE.


3. Automatically enforces & documents PCI DSS policies

With Catbird Secure, security policies are automatically assigned to all virtual assets placed in Catbird TrustZones. By selecting the pre-defined PCI policy for the Catbird TrustZones that make up your virtual CDE, Catbird automatically and deterministically enforces those policies to protect cardholder data wherever it may be processed, stored or transmitted in the virtual CDE. For example, Catbird Secure automatically executes virtual firewall policies such as blocking, alerting and quarantining according to PCI DSS requirements. Catbird Secure policies use the same control framework as PCI Qualified Security Assessors, so its virtual network diagrams, NetFlow maps and operational reports instantly provide “audit-ready” documentation whenever you need it.

PCI DSS Policies 

Catbird logically organizes all CDE assets into Catbird TrustZones, assigns and enforces security policies, and automatically maps NetFlow for PCI DSS compliance.

