Volume 9, Number 14 -- April 7, 2009

Safestone Gives Away Free PCI Assessments to i OS Customers

Published: April 7, 2009

by Alex Woodie

Interested in how your System i (AS/400) environment stacks up against the Payment Card Industry's Data Security Standard (PCI DSS)? Then you might consider downloading a free tool from Safestone Technologies' Web site, which will scour your i OS security settings, compare the results against the major PCI requirements, and give you a plain English report that details what areas of System i security you need to work on.

Compared to other government or industry mandates, the PCI DSS has been heralded for its detailed IT security requirements. Instead of providing wishy-washy IT guidelines that must first be interpreted before they can be implemented (e.g., SOX), the PCI DSS provides a comprehensive list of security provisions that must be implemented to avoid paying hefty fines for noncompliance. For IT pros with a binary view of the world, PCI DSS gives them reason to be confident, instead of fearful of succumbing to a gray-zone interpretation.

With that said, not all of the PCI DSS requirements map cleanly to the System i world. The requirements were sculpted in the image of their drafters' world view--which means lots of Unix and Windows terms--so it can take a little bit of time to fully understand the repercussions that PCI DSS holds for System i shops.

The System i security pros at Safestone have done their share of PCI DSS work, and some of this work is on display for anybody to tap into with the new PCI Compliance Assessment.

The first step in the assessment is filling out a form at www.safestone.com/pciaudit. You will be required to part with your contact information, which Safestone will most likely use to sell you their System i security software. Of course, you can opt out of Safestone's list after running the compliance assessment, if you want.

Next, you will be given information on how to download the PCI assessment tool. After this tool is installed on your System i server and does its thing, it removes itself from the system, so you don't have to worry about cluttering up your system.

The tool looks at various aspects of your System i security settings and sees how they stack up against the six areas of IT control as defined by PCI. In System i terms, the tool will be looking at things like your selected security level, whether you're using encryption, what kind of system access your users have, whether you have exit programs in place, and how secure their user IDs and passwords are.

Customers are provided with a PDF report that grades their i OS security settings against PCI standards as part of Safestone's free PCI compliance assessment offer.

Safestone will then generate a report detailing how your System i fared. For each category, the report provides details about the customer's specific security settings. This information is communicated in sentences as well as in graphic form, making it easy to interpret the results. Reports are customized for each customer, with grades of good, fair, or fail for each category, as well as specific recommendations for fixing the problems and achieving compliance.

Much of the value in Safestone's reports resides in the recommendation sections. For some of the problems, the fixes are simple. For example, it's widely maintained that you must be at a minimum security level of 40 to pass a PCI audit. If you're currently at security level 30, you must move to security level 40 to pass (of course, that's easier said than done).

For other areas, Safestone recommends you look at third-party tools for solutions to problems such as audit reporting and encryption. It's no surprise that Safestone would recommend its own exit program monitoring solutions or auditing tools for the System i server. But Safestone also directs customers to other System i software vendors for solutions, such as nuBridges for i OS encryption, according to the sample PCI assessment available on Safestone's Web site.

According to Safestone, undergoing a PCI assessment does not guarantee an organization can prevent a security breach. But it does help to ensure every measure is taken to secure sensitive customer information, and to avoid the kind of security breach that occurred in 2007 at TJX, the company says.

"No one wants their company associated with the type of breach TJX experienced," says Safestone COO Terry Heath. "This breach resulted in 94 million accounts being compromised with losses exceeding $70 million due to fraud. We want to give System i shops an easy way to be proactive when it comes to PCI compliance by sharing our years of experience through offering this free assessment to any company with a System i."

Safestone says the PCI compliance assessment is the first of several free assessments it will be providing to the System i community this year. For more information or to sign up for the assessment, visit the company's Web site at www.safestone.com.


RELATED STORIES

Safestone Cracks Down on Excessive Authority with PUP

Safestone Gives i Security Officers Greater Control

Safestone Re-emerges with New Corporate Identity, i OS Security Tools

Putting the 'i' Back Into PCI



Copyright © 1996-2009 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
