Bonjour,
Continuing our discussion on SIM through Compliance, you might be aware, that EventLog Analyzer currently provides support for: (SOX) SARBANES-OXLEY, (HIPAA) HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT and (GLBA) GRAMM-LEACH BlLILEY ACT and now we are contemplating extending our compliace reporting initiative to include support for PCI DSS.
For the uninitiated, PCI DSS stands for Payment Card Industry Data Security Standard. PCIDSS Requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data. Additionally, these security requirements apply to all ?system components? which is defined as any network component, server, or application included in, or connected to, the cardholder data environment. Network components, include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, web, database, authentication, DNS, mail, proxy, and NTP. Applications include all purchased and custom applications, including internal and external (web) applications.
PCI forms the framework for VISA’s CISP (Cardholder Information Security Program ) and MasterCard’s SDP (Site Data Protection).
The PCI DSS has 12 basic requirements (with subsequent sub-requirements), which reads as follows:
>> Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
>> Protect Cardholder Data
Requirement 3: Protect stored data
Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks
>> Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
>> Implement Strong Access Control Measures
Requirement 7: Restrict access to data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
>> Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes.
>> Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Do let us know your requirements for PCI compliance support in EventLog Analyzer and we will surely look into your request.
Au revoir!
AJ
