Continuing our discussion on SIM through Compliance, you might be aware, that EventLog Analyzer currently provides support for: (SOX) SARBANES-OXLEY, (HIPAA) HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT and (GLBA) GRAMM-LEACH BlLILEY ACT and now we are contemplating extending our compliace reporting initiative to include support for PCI DSS.

For the uninitiated, PCI DSS stands for Payment Card Industry Data Security Standard. PCIDSS Requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data. Additionally, these security requirements apply to all ?system components? which is defined as any network component, server, or application included in, or connected to, the cardholder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, web, database, authentication, DNS, mail, proxy, and NTP. Applications include all purchased and custom applications, including internal and external (web) applications.

PCI forms the framework for VISA’s CISP (Cardholder Information Security Program ) and MasterCard’s SDP (Site Data Protection).

The PCI DSS has 12 basic requirements (with subsequent sub-requirements), which reads as follows:

>> Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

>> Protect Cardholder Data

Requirement 3: Protect stored data

Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks

>> Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

>> Implement Strong Access Control Measures

Requirement 7: Restrict access to data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

>> Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes.

>> Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Do let us know your requirements for PCI compliance support in EventLog Analyzer and we will surely look into your request.

Au revoir!