PowerTech Looks at PCI and System i
October 30, 2007 Alex Woodie
With another Payment Card Industry Data Security Standard (PCI DSS) deadline looming just weeks away, it’s critical that you get your System i compliance plans on track. To that end, the System i security experts at PowerTech Group published a new white paper last week that analyzes the requirements and impacts PCI is having on the System i server.
PowerTech’s new white paper, titled “PCI Compliance for IBM System i (AS/400),” takes a look at each of the 12 main requirements of PCI, and maps those requirements into i5/OS terminology. This is quite useful, as the System i is a slightly different animal, and industry regulations are generally written for a broad audience (although PCI has been hailed by IT managers for its specificity, especially compared to the vagueness that is SOX).
Some of PCI’s requirements are quite obvious. For example, it doesn’t take a rocket scientist to figure out that using default passwords is a really, really bad idea from a security perspective. Nevertheless, it needs to be pointed out.
Where PowerTech’s white paper really helps users is in explaining how they can address each of the detailed security requirements in PCI. Obviously, PowerTech is going to point to its products, including its Compliance Monitor, for some of the requirements, such as monitoring log on attempts. But for other PCI requirements, such as setting minimum password lengths, the company simply tells the reader which native i5/OS setting that corresponds to.
Interested parties can register to download PowerTech’s whitepaper at www.powertech.com/powertech/newsletter_whitepaper_PCI.asp.