Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

PCI Compliance for Large Computing Systems

Atsec Information Security : 09 March, 2010  (Technical Article)
atsec has published a white paper aimed at operators of large system environments who need to become compliant to payment card industry standards
atsec information security announces the publication the 'Payment Card Industry Compliance For Large Computing Systems" white paper. The paper was created by mainframe and PCI experts from atsec and IBM and is now available as a PDF document on atsec's website.

atsec is accredited as a Qualified Security Assessor (QSA) by the
Payment Card Industry (PCI) Security Standards Council and has a deep
understanding of Large Computing Systems (LCS) through many years of
evaluating and testing z Series systems against standards such as Common
Criteria and FIPS 140-2. This type of evaluation and test requires a
thorough, in-depth analysis of the involved security functionality. In
addition, atsec performs penetration testing of LCS for customers in the
financial industry.

Abstract:

"Payment Card Industry Compliance for Large Computing Systems," written
by atsec in association with IBM and other leading Large Computing
Systems (LCS) experts, is aimed at addressing the need for guidance and
information by QSAs, merchants, and service providers whose cardholder
data environment is largely based on LCS technology. It may also be of
interest to acquirers and card brands that are demanding compliance with
specific standards.

Achieving and assessing PCI compliance in a LCS environment can be
challenging because the standards are focused towards a distributed
systems paradigm. A full understanding of the security features and
advantages of this complex environment can provide assurance of
compliance to the standard, but it is a very broad and detailed topic.

Drawing from their extensive knowledge of mainframe and LCS security, as
well as their experience working for an accredited QSA, atsec's
consultants have a thorough understanding of the security functionality
of these systems at every level, including operating systems,
virtualization technology, applications, networking and communication,
and mainframe environments. This understanding has been gained through
experience performing Common Criteria evaluation for the US and Europe
governments, cryptographic testing and analysis, and mainframe
penetration testing for large financial customers on the following
systems and applications:

• z/OS
• z/VM
• PR/SM
• System SSL
• DB2
• Multiple Tivoli and third party vendor applications

In "Payment Card Industry Compliance for Large Computing Systems," atsec
presents an analysis of the PCI standards in the context of a LCS
environment and provides focused guidance to QSAs and their customers on
the PCI assessment of such environments and the resources available to
support an assessment. The authors have an extensive knowledge of
mainframe and LCS security, coupled with experience as an accredited
QSA, and in this whitepaper, provide the necessary insight into LCS
security for QSAs and other PCI professionals.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo