Thursday, March 1, 2012

Does the P in PCI stand for “Painful”?

Let’s see if we can do something about that…


At a recent tradeshow I attended, I was involved in many customer discussions about PCI DSS.  PCI compliance continues to be a big deal for many HP NonStop users, and the issue isn’t going away.  Indeed, the card schemes are mandating PCI compliance in more and more countries for the card issuers, in addition to the merchant acquirers who have had to be compliant for some time now.

Many software vendors offer products that assist with PCI compliance, but at the end of the day, compliance is an ongoing process, not just a product.  For a lot of organizations who process Cardholder Data (CHD), achieving compliance will take a multi-month project.

At XYPRO we’ve been helping customers achieve PCI compliance for many years – as one of our customers said some time back, “XYGATE software was integral to us achieving PCI compliance” – so we’ve spent some time thinking about how we can make that process less painful, quicker, and more manageable.

The result of that thinking is XYPRO’s latest product and services solution bundle – XYGATE PCI XPress.  XYGATE PCI XPress consists of the XYGATE products and functionality required to achieve PCI compliance, along with a set of packaged services to simplify your PCI DSS compliance process.  XYGATE PCI XPress ensures that:

  • CHD is only accessible by authorized users and processes
  • Role-based access controls are in place
  • All necessary NonStop resources are secured according to the granular subject-operation-object model
  • Access to any/all sensitive data and applications is tracked
  • All relevant security and audit events are centralized, and optionally sent to your Security Information and Event Management (SIEM) device of choice
  • Users can be authenticated against whichever user data store is in use in your environment, be it RSA SecurID, Active Directory, LDAP, or many other sources
  • All necessary Best Practices are being followed

Many other important areas are also covered.

When installed and configured through the package, XYGATE PCI XPress will help address at least 9 of the 12 high-level PCI requirements.

As part of the PCI Package, XYPRO will also provide a statement of work covering the services to be provided to implement these products, along with other system configuration work that will be required.  A project plan outlines all steps that we will undertake, all tasks that the customer is required to perform, and those that we will perform together.  Realistic timeframes are provided, and we will optionally manage the entire project if required.

From the outset of the project through to its completion, we may also be engaged to coordinate with your QSA to ensure that your NonStop platform and application compliance proceeds smoothly. What could be simpler?

Our new Manager of Professional Services, Sales Support and Education, Rob Lesan, has put this solution together. If you would like more information on XYGATE PCI XPress, please contact Rob or me.

Andrew Price
Director, Product Management
Andrew_P@xypro.com
XYPRO Technology Corporation

Rob Lesan
Manager of Professional Services
Rob_L@xypro.com
XYPRO Technology Corporation