FFIEC News
RSA Enhances its PCI Solutions Through Collaboration with Cisco
(Jan 15, 2008)--RSA, The Security Division of EMC, announced the interoperability of five RSA PCI Solutions in the Cisco Payment Card Industry (PCI) reference architectures. The Cisco PCI Solution for Retail Validated Network Designs help retailers of all sizes effectively address the data security requirements mandated by the PCI Data Security Standard (PCI DSS).
The Cisco Validated Network Designs, which have been validated by external PCI Qualified Security Auditor (QSA) Verizon Business, offer a set of cost-effective, audited solutions that help customers meet many of the most challenging PCI DSS requirements, including authentication, encryption and compliance reporting. RSA is leveraging the Cisco PCI Validated Network Designs to help enable retailers to easily integrate new or existing technology solutions into their in-store, Internet edge and data center environments in a PCI DSS compliant manner.
Cisco PCI Solution for Retail in-store network designs, deployed in Cisco's technology labs, provide clear, in-depth guidance on how retailers may deploy associated RSA and Cisco products in a PCI validated manner. Retailers can consult Design & Implementation Guides for technical instruction on the deployment of particular products to address specific PCI requirements. Furthermore, retailers may review a Report on Compliance from Verizon Business, which provides feedback from a certified PCI QSA regarding the ability of RSA and Cisco products to be deployed in a manner that meets specific PCI DSS requirements.
The RSA technology solutions included in the Validated Network Designs include:
-- Encryption and key management: RSA Key Manager and RSA File Security Manager are designed to enable retailers worldwide to address PCI Requirement 3 by helping to secure data from its creation at the point-of-sale application, through all endpoints - regardless of whether data resides in the network, an application, database, files and folders, or disk/tape storage. In addition, RSA's enterprise-wide key management solution is engineered to help ensure that data will be both available and properly protected no matter when or where it is needed.
-- Authentication and authorization: RSA SecurID two-factor authentication technology and RSA Access Manager are designed both to help retailers address PCI Requirements 7 and 8 by creating tools to positively establish the identities of users, and to ensure that only authorized users may access cardholder data. RSA's strong authentication and authorization solutions are designed to deliver out-of-the-box integration with hundreds of products that can be part of a PCI infrastructure, such as VPNs, firewalls, and application servers, enabling retailers to ensure that users accessing cardholder systems are trusted.
-- Compliance and security information management: RSA enVision technology is engineered to allow retail businesses to effectively meet PCI DSS Requirement 10 by establishing a centralized point for tracking and monitoring access to cardholder data throughout a PCI environment. RSA's solution is also built to retain an audit trail history as required by PCI mandates. These solutions also allow for out-of-the-box PCI compliance reports, significantly easing the process of demonstrating compliance to auditors.
Beyond the RSA technology solutions included in the Cisco PCI Solution for Retail reference architectures, merchants embarking upon PCI compliance initiatives can look to RSA(R) Professional Services for up-front consulting services that will help them begin with a clear understanding of their current PCI posture so that they can then develop a compliance strategy that best matches their needs.
To secure cardholder data in accordance with the PCI DSS, companies must monitor where the data is stored throughout their enterprise. RSA Professional Services helps enable customers to understand where cardholder data exists across the organization so that it can be secured and managed throughout its lifecycle. To achieve this, RSA Professional Services uses a range of application, network and data discovery, and classification technologies to analyze the location and transaction flow of cardholder data, making securing the data easier.
After discovering cardholder data, retailers must understand any existing PCI compliance gaps in order to identify remediation needs. Through a PCI Readiness Assessment service, RSA Professional Services helps retailers understand their current PCI posture and develop a prioritized remediation roadmap prior to undergoing a formal PCI audit.
In addition to these consulting services, RSA PCI Solutions - including RSA Data Loss Prevention Suite, RSA Database Security Manager, RSA Digital Certificate Solutions, EMC Smarts, EMC Voyence and EMC Physical Security Solutions - help retailers address PCI requirements related to data leakage, database encryption, strong authentication, application discovery, network change management and physical security, respectively.