The document discusses the Aerohive Personalized Engagement Platform which provides a flexible and secure Wi-Fi network that addresses PCI 3.0 compliance requirements for retailers. It includes features like strong encryption, authentication, intrusion detection and a firewall to isolate cardholder data. The platform also offers PCI compliance reporting through HiveManager to identify issues and vulnerabilities. Maintaining PCI compliance is important as wireless networks become critical for retail customer engagement and sales.

1. PCI 3.0
Compliance and Security for Retailers
Solution Brief

2. The Aerohive Personalized Engagement Platform provides a flexible, high-performance Wi-Fi
network with advanced security features that address PCI 3.0 requirements. Gain a highly
secure way to personalize the shopping experience for in-store customers while
complementing your PCI compliance goals.
Challenges
Recent breaches at high-profile retailers have put credit card and customer
data security back in the spotlight. Securing this data becomes even more
challenging as retailers look for innovative ways set themselves apart, increase
in-store traffic, strengthen customer loyalty, and drive sales. Many retailers are
implementing mobile strategies that allow customers to do everything from
check item availability and compare products to make mobile purchases with
their smartphones. These new capabilities place new security and compliance
demands on wireless networks.
PCI Compliance and Access Networks
Access networks provide network connectivity to point-of-sale devices, laptops, and
mobile phones in the retail store. The PCI Data Security Standard (PCI DSS)
applies to all network components—wired and wireless. The PCI Security Standards
Council continues to update PCI DSS requirements to address the dynamic threat
landscape. Version 3.0 of the PCI Data Security Standard (PCI DSS) became effective
on Jan. 1, 2014.
For wireless and access networks, the elements generally included in PCI
compliance checking are Wi-Fi access points, switches, firewalls, authenticating
servers, and any security appliance is part of the cardholder data environment
(CDE). The specific PCI DSS requirements that apply to wireless and access
networks are shown in Figure 1.
Guideline Benefit
4.1.1 - Ensure wireless networks
transmitting cardholder data or
connected to the cardholder data
environment, use industry best
practices (for example, IEEE 802.11i)
to implement strong encryption for
authentication and transmission.
Note: The use of WEP as a security
control is prohibited.
Use the latest, most advanced
encryption standards to permit only
authorized devices and users in the
network.
6.5.10 - Broken authentication and
session management.
Note: Requirement 6.5.10 is a best
practice until June 30, 2015, after
Secure authentication and session
management prevents
unauthorized individuals from
compromising legitimate account

3. PCI 3.0 Compliance and Security for Retailers
which it becomes a requirement. credentials, keys, or session tokens.
11.1.1 – Maintain an inventory of
authorized wireless access points
including a documented business
justification.
Locate and identify unauthorized
(rogue) access points and clients.
Figure 1. PCI DSS Requirements Applying to Wireless and Access Networks
Aerohive Solution Overview
The Aerohive Personalized Engagement Platform includes Aerohive intelligentaccess
platforms with built-in Aerohive HiveOS™ security features and HiveManager PCI 3.0
Reporting. Figure 2 illustrates the platform’s functionality.
Figure 2. Aerohive Personalized Engagement Platform
Aerohive HiveOS
Aerohive intelligent access platforms include the enterprise-class Aerohive
HiveOS operating system. HiveOS includes the following advanced security
features that help address PCI compliance requirements:
• Wireless Intrusion Protection System (WIPS), which enables each AP to perform
off-channel scanning and identify and locate unauthorized (rogue) APs and
clients, as well as misbehaving clients.
• Strong authentication and encryption standards, such as WPA/WPA2
(Personal), WPA/WPA2 802.1X Enterprise and Aerohive Private Pre-Shared Key
• Intrusion detection (MAC Dos, IP DoS) features help detect active
penetration attempts, such as failed authentications, associations, or EAP
handshakes; various types of protocol frame floods, such as probe requests,
probe responses, and authentication requests; and denial of service attacks
through deauthentication and disassociation attacks.
• An integrated firewall with full application visibility and control that isolates
the cardholder data from rest of the network and ensures network access is
tightly controlled based on context.
• Strong password enforcement to validate that all passwords include at least
seven characters with both numeric and alphabetic characters.
Copyright ©2014, Aerohive Networks, Inc. 3

4. PCI 3.0 Compliance and Security for Retailers
• Logging of all wireless association and authentication requests.
Aerohive HiveManager
Aerohive HiveManager is an out-of-band enterprise-class network management system
that handles configuration, OS updates, and monitoring for thousands of Aerohive
devices. HiveManager checks the network for PCI DSS compliance and reports on non-
compliant Wi-Fi configurations and vulnerabilities as shown in Figure 3. HiveManager
reports include:
• Rogue Device Compliance provides details on rogue devices and stations
• Device Configuration Compliance identifies devices with weak access
security, WEP, or open authentication.
• Intrusion Detection Compliance for MAC address and IP DoS
Log Servers provide a list of external and internal log servers
Figure 3. HiveManager PCI DSS Wireless LAN Compliance Report
Address Wi-Fi PCI Compliance More Effectively With Aerohive
Maintaining PCI compliance is an ongoing effort. As wireless and access networks
become critical to retailers’ sales, marketing, and customer engagement objectives,
they must be secure and compliant. The Aerohive Personalized Engagement Platform
delivers advanced security features and PCI compliance reporting capabilities that
retailers need to effectively address PCI compliance while delivering a superior
shopping experience to their customers.
4 Copyright ©2014, Aerohive Networks, Inc.

5. PCI 3.0 Compliance and Security for Retailers
For More Information
Products: http://www.aerohive.com/products/overview.html
Resource Center: http://www.aerohive.com/resources
Promotions: http://www.aerohive.com/promotions
About Aerohive
Aerohive (NYSE: HIVE) unleashes the power of enterprise mobility. Aerohive’s
technology enables organizations of all sizes to use mobility to increase productivity,
engage customers, and grow their business.Deployed in over 13,000 enterprises
worldwide, Aerohive's proprietary mobility platform takes advantage of the cloud and
a distributed architecture to deliver unified, intelligent, simplified and cost-effective
networks. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. For
more information, please visit www.aerohive.com, call us at 408-510-6100, follow us
on Twitter @Aerohive, subscribe to our blog, join our community or become a fan on
our Facebook page.
Copyright ©2014, Aerohive Networks, Inc. 5