Configuresoft Featured in Podcast Highlighting PCI DSS and Compensating Controls

Chris Farrow Talks about the Changes Ahead for the Current PCI Standard and How Compensating Controls are Being Used

COLORADO SPRINGS, Colo. -- Configuresoft, an innovator in systems management technology and the creator of enterprise Configuration Intelligence, today announced the availability of a SearchSecurity.com podcast featuring an interview between Chris Farrow, director of Configuresoft's Center for Policy & Compliance and Editor Rob Westervelt. The Search360 podcast titled, "PCI DSS - Encryption, compensating controls and your assessor" discusses what happens when organizations fail to meet PCI encryption standards.

The podcast is available at http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1146071,00.html#thisweek. (Due to its length, this URL may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.)

Complying with PCI DSS is an expensive and complex proposition that cuts across all organizations, from large Fortune 500 enterprises to small companies. A key aspect of the PCI DSS is its focus on data encryption as a core means for the security of cardholder data. Yet organizations failing to meet encryption standards have been taking advantage of the PCI compensating controls which allow a workaround for entities that cannot meet a technical specification of a PCI requirement. In this podcast, Farrow, who is also a co-founder and vice president of the PCI Vendor Security Alliance, discusses how compensating controls are used today, how auditors may treat the compensating controls differently and how they will be used in the future.

"Compensating controls are supposed to be a short term fix that allows an organization to remain compliant with alternative data encryption protections in place," said Farrow. "Organizations are using compensating controls to get out of these requirements, however these loopholes that exist will have to be addressed before the next PCI DSS deadline in order for companies to safely protect sensitive customer data."

Configuresoft offers a PCI DSS Continuous Compliance Toolkit for its Enterprise Configuration Manager to help vendors and merchants address the six major areas of focus determined by the Payment Card Industry to secure credit card data. The Toolkit is available at no charge to existing Configuresoft customers and partners.

About Configuresoft

Configuresoft is an innovator in systems management technology, delivering the enterprise Configuration Intelligence[TM] to effectively and efficiently manage today's heterogeneous computing infrastructures. Spanning both security and operations, the Company's configuration management, compliance and remediation products are used by 13 of the world's 25 largest companies to keep their critical systems properly configured, while ensuring compliance with regulatory requirements such as Sarbanes-Oxley, FISMA, GLBA, HIPAA and DISA, and industry standards such as ISO 27001, PCI DSS and Microsoft Security Hardening Guides. To contact Configuresoft, please call (888) U-CONFIG or visit www.configuresoft.com.