The loss of cardholder information can irreparably damage consumers' trust in the brand and adversely impact stakeholders, but the loss of patient record information can lead to civil and criminal penalties. PCI-GENERAL™ is a secure MySQL database appliance designed from the ground up to enable compliance. The appliance transparently encrypts MySQL data, provides FIPS-compliant key management, and creates irrevocable logs for audit purposes. Packet General is the market leader in the MySQL data compliance market.
Available models:
Model # | PG-100 | PG-200 | PG-300 | PG-E50V | PG-150V |
Operating System | Secure | Secure | Secure | Secure | Secure |
CPU - Quad-core Intel Xeon 2.4GHz 4 x 12M Cache, Turbo, HT, L2 Cache 8MB L3 Cache, 1066MHz Max Mem | 1 | 2 | 2 | SMP Virtual Appliance | SMP Virtual Appliance |
Memory - Registered w/ ECC 1333MHz Dual Ranked RDIMMs | 12GB | 24GB | 48GB | Minimum 2GB | Minimum 2GB |
Storage - SATA 10000-RPM 16MB Cache 3.0Gb/s | 500GB | 500GB | 1000GB | n/a | n/a |
Disks | 3 | 4 | 4 | n/a | n/a |
NIC/LOM | 2x GbE LOM | 2x GbE LOM | 2x GbE LOM | n/a | n/a |
Availability | Hot-swap HDD; 500W Redundant PSU | Hot-swap HDD; 500W Redundant PSU | Hot-swap HDD; 500W Redundant PSU | n/a | n/a |
Enclosure | 1U | 1U | 1U | n/a | n/a |
Power Supplies | Redundant 500W (80+GOLD), Auto Ranging (100V ~ 240V) | Redundant 500W (80+GOLD), Auto Ranging (100V ~ 240V) | Redundant 500W (80+GOLD), Auto Ranging (100V ~ 240V) | n/a | n/a |
Dimensions | 1.69 x 17.09 x 24.69 (in) | 1.69 x 17.09 x 24.69 (in) | 1.69 x 17.09 x 24.69 (in) | n/a | n/a |
Weight | 35.02lbs (15.9Kg) | 35.02lbs (15.9Kg) | 35.02lbs (15.9Kg) | n/a | n/a |
Operating Environment | 50 to 95 °F (10 to 35 °C) | 50 to 95 °F (10 to 35 °C) | 50 to 95 °F (10 to 35 °C) | n/a | n/a |
Number of "sql-bench" encrypted transactions/sec | 500* | 650* | 750* | n/a | n/a |
* Performance data represents the maximum capabilities of the system as measured under optimal testing conditions.
Security Specifications | Description | PG-100 Hard Appliance | PG-200 Hard Appliance | PG-300 Hard Appliance | PG-E50V Virtual Appliance | PG-150V Virtual Appliance |
MySQL data encryption | Transparent data encryption of MySQL data (TDE). | Y | Y | Y | Y | Y |
“On-demand” encryption | Encryption can be turned on or off on a per-MySQL-database basis. | Y | Y | Y | Y | Y |
MySQL client applications | MySQL client applications remain unchanged. | Y | Y | Y | Y | Y |
MySQL binary log file protection | Logs are protected via strong encryption. | Y | Y | Y | Y | Y |
MySQL backups protection | Encrypted backups with proper key management. | Y | Y | Y | N | Y |
MySQL service protection | Only a privileged user (not "root") can start the service - protects against physical loss of an appliance. | Y | Y | Y | Y | Y |
Encryption algorithm used | Advanced Encryption Standard (AES) - symmetric-key encryption standard, U.S. FIPS PUB 197 (FIPS 197). | Y | Y | Y | Y | Y |
Key length | 256 bits | Y | Y | Y | Y | Y |
Key storage | Federal Information Processing Standard (FIPS) Publication 140-2/3 based smart cards running an EAL4/EAL5 operating system. | Y | Y | Y | N | Y* |
Key distribution | Secure distribution conducted during the appliance installation. | Y | Y | Y | n/a | Y |
Key revocation | Authenticated revocation - a single step process. | Y | Y | Y | n/a | Y |
Key rotation | Built-in key rotation. | Y | Y | Y | Y | Y |
Non-repudiation | Cryptographically signed reports stored in an encrypted data vault. | Y | Y | Y | N | Y |
Protection against malicious privileged user | The OS “root” user is not allowed to view/alter the MySQL data. The MySQL “root” user is not allowed to alter the MySQL binary logs. | Y | Y | Y | Y | Y |
Firewall | Built-in customized firewall. | Y | Y | Y | Y | Y |
Services | Minimal set of services that are needed to run the MySQL server in a secure and controlled environment. | Y | Y | Y | Y | Y |
Platform management | Role-based platform management. | Y | Y | Y | Y | Y |
Security updates | Automated and tested updates. Single source for all security updates. | Y | Y | Y | Y | Y |
Hardened MySQL appliance | Appliance footprint < 700MB. | Y | Y | Y | Y | Y |
Management | Secure web based administration. | Y | Y | Y | Y | Y |
* Certain limitations apply
Requirement 3.4.1.b - Verify that cryptographic keys are stored securely (for example, stored on removable media that is adequately protected with strong access controls).
Requirement 3.6.5 - Retirement or replacement of old or suspected compromised cryptographic keys
Requirement 7.1.1 - Restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities
Requirement 7.1.2 - Assignment of privileges is based on individual personnel’s job classification and function
Requirement 8.5.4 - Immediately revoke access for any terminated users.
Requirement 8.5.6 - Enable accounts used by vendors for remote maintenance only during the time period needed.
Requirement 8.5.9 - Change user passwords at least every 90 days.
Requirement 10.5 - Secure audit trails so they cannot be altered.
Requirement 10.5.1 - Limit viewing of audit trails to those with a job-related need.
Requirement 10.5.2 - Protect audit trail files from unauthorized modifications.
Requirement 10.5.5 - Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
Requirement 10.7 - Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).