NET COMPLIANCE SOLUTIONS

Vulnerability Scans - PCI Requirement 11.2



NCS Offers An On-demand Solution
For Certifying Compliance With PCI Security Standards Requirements.

 
2,000,000 Customer Records Lost Or Stolen
 
With about 2 million customer records lost or stolen this year alone, the payment card industry is clamping down on merchants and payment processing firms to improve security practices. MasterCard, Visa, and others have developed a set of security standards that dictate what companies must do to secure credit card data. In a move that has taken some businesses by surprise, those that don't comply by June 30th could be banned from trading or left alone to account for the cost of break-ins.

NCS utilizes technology from an approved PCI Security Standards Council scan vendor.  We offer a specific vulnerability analysis service that tests against The PCI Standards.  Our process demonstrates the diligence required by The Standard.

 

NCS Provides The Following Services
 
PCI Standards Gap Analysis
Self Assessment Questionnaire Assistance and Submission
Wireless Vulnerability Analysis (PCI DSS 11.1)
Quarterly Network Vulnerability Scans (PCI DSS 11.2)
Penetration Testing - Network and Application Layers (PCI DSS 11.3)
 
  • Our process identifies critical network vulnerabilities and provides information to remediate these weaknesses. 
  • In addition, NCS makes available on-site support to implement fixes to the identified problems. 
  • Once vulnerabilities are fixed, NCS re-runs the network audit to confirm compliance and certify the result.
  • During the study, we help the customer complete the Self Assessment Survey, which is then appended to the compliance report.
CHALLENGE:

It is expected that the PCI Security Standards Council will publish a revised set of PCI Standards that will require all entities that process, store, transmit, or report credit card data to take adequate steps to protect confidential cardholder information. The new guidelines will strengthen the concept of network vulnerability testing and broaden the concept of the testing requirements beyond e-commerce only.
 
Even if an organization does not offer Web-based transactions or e-commerce, there are other services that make systems Internet accessible and therefore must comply.

The requirements outlined by the payment card industry require online merchants and service providers to complete two security evaluation steps:
  1. Complete the Payment Card Industry Self-Assessment Questionnaire.
  2. Use a Network Assessment Scanning Tool - run remotely by a PCISSC approved scan vendor -  to measure and eliminate security threats associated with electronic commerce.

Solution

Net Compliance Solutions utilizes technology from a PCISSC approved scanning vendor, certified to conduct quarterly network vulnerability scans as required by the PCI Standards.

Using this technology, Net Compliance Solutions performs PCI compliance testing and reporting. Pre-defined scan profiles enable NCS to scan the network according to PCISSC requirements.

Once merchants have fixed appropriate vulnerabilities defined by PCISSC, Net Compliance Solutions provides a PCI compliance report with the name and certificate number of the Approved Scan Vendor (ASV) which can be submitted directly to the acquiring bank.
 
 
The major card companies, which include MasterCard, Visa, American Express, Discover and JCB, accept network scans performed by PCISSC approved scan vendors.

COMPLIANCE
Online Merchants & Service Providers
 
Major Card Companies Form PCI Security Standards Council
 

Effective October 2006: MasterCard, Visa, American Express, Discover, and JCB have agreed to establish the PCI Security Standards Council, LLC, which will assume responsibility for administration of the PCI Standards that will apply to any organization that stores, transmits, maintains or processes cardholder data.

 

In addition, PCI Security Standards Council will be responsible for certification of authorized scanning vendors and qualified security assessors.

 

The PCI Standards remain a set of data security standards with which banks, online merchants and member service providers (MSPs) must comply, or face the possibility of fines and loss of privileges should a data security breach occur.

 

Collectively, these requirements are known as The PCI Standards, which include MasterCard's Site Data Protection (SDP) program and Visa's Cardholder Information Security Program (CISP).

 

The PCI Standards require that merchants engage PCI Security Standards Council approved scan vendors to run remote vulnerability scans on a quarterly basis to identify critical network vulnerabilities.  All significant vulnerabilities must be fixed and a compliance scan run must indicate a "Passed" rating. This report must be submitted to the acquiring bank with the approved scan vendor generated report with vendor name and certificate number to be accepted as proof of compliance with the PCI Standards.

 

 In addition, The PCI Standards require that the PCI Self Assessment Survey be completed and attached to the annual certification report.

 

There are FOUR LEVELS based on transaction volumes which dictate the requirements to be met by the online merchant or service provider that stores, processes or maintains cardholder data.


 
 

SECURITY AUDITS OF ONLINE NETWORKS ARE REQUIRED IN THESE AREAS
 
 
In Metro Providence RI
P.O. Box 4912     Rumford, RI  02916
 508-639-9133
 
 
A Part Of
Providence Enterprise Group, LLC