
Support for PCI compliance self assessment.

Qualys : 02 April, 2008  (New Product)
Filing of self-assessment questionnaire for the PCI security standards council now supported by QualysGuard.
Qualys has announced an upgrade to its QualysGuard PCI on-demand compliance solution that adds the new Self-Assessment Questionnaire (SAQ) Version 1.1, issued by the Payment Card Industry (PCI) Security Standards Council (PCI SSC) in February 2008. The QualysGuard PCI implementation of the new SAQ allows customers to complete all versions of the questionnaire online and e-file it securely with their acquiring banks.

The SAQ is a validation tool used primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major credit-card brands (Visa, MasterCard Worldwide, Discover Financial Services, American Express and JCB International), to validate compliance with the PCI Data Security Standards (PCI DSS). The PCI SSC updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D, has qualifying questions used to determine which of the four questionnaires a merchant is required to complete.

"Issuing the latest self assessment questionnaire is another step the PCI Security Standards Council is taking to ensure that all merchants and service providers have options in determining their compliance strategy," said Bob Russo, general manager, PCI Security Standards Council. "Having multiple SAQs available will streamline the process and make it easier for stakeholders to determine their compliance gaps and take action to ensure full compliance with the Standard."

The SAQ version 1.1 is now available and consists of four unique forms to meet various business scenarios. Each merchant completing the SAQ version 1.1 selects the questionnaire that best represents their environment, based on the descriptions below:

* SAQ validation type 1 - Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. - SAQ A - 11 questions.

* SAQ validation type 2 - Imprint-only or stand-alone terminal merchants with no electronic cardholder data storage. - SAQ B - 21 questions.

* SAQ validation type 3 - Merchants with POS systems connected to the Internet, no electronic cardholder data storage. - SAQ C - 38 questions.

* SAQ validation type 4 - All other merchants (not included in Types 1-3 above) and all service providers defined by a payment brand as eligible to complete an SAQ. - SAQ D - 226 questions.

QualysGuard fully supports all four types of questionnaires, labeled A-D, including the ability to enter online comments for compensating controls, provide a remediation action plan for non-compliant sections, complete the attestation of the assessment and electronically sign the SAQ online.

In this upgrade, QualysGuard PCI now supports both the previous SAQ version 1.0 and the four forms of the new SAQ version 1.1, allowing merchants to choose which version they wish to complete. According to the PCI SSC, after April 30, 2008, the older SAQ version 1.0 will no longer be accepted for compliance validation. From that date forward, all merchants will be required to use the new SAQ version 1.1.