The netForensics PCI Security Audit Framework module tells users what the auditor is looking for. Unlike our competitors we have certified auditors on staff, not consultants mapping COBIT or other standards generically
EDISON, N.J. (PRWEB) July 14, 2008
Modules that address specific regulations, such as PCI, Sarbanes-Oxley, HIPAA and FISMA, easily plug into the framework for quick deployment and rapid time to value. The first module delivered as part of the release of the new security audit framework helps retail organizations manage themselves against the Payment Card Industry (PCI) Data Security Standard.
The new audit framework and out-of-the-box modules seamlessly integrate into nFX SIM One through a new web-based interface. Other information security management and log management vendors enable their users to report on the data that is collected, but put the onus on the end user to "connect the dots" for interpreting, taking action against and reporting on this information. The netForensics solution provides end users with a detailed checklist and reports that they can provide to an auditor explaining exactly how affected devices are configured and what is being reported on.
Guidance is provided that tells the user what affected devices they should be concerned with, how to group them for compliance monitoring within the SIM application, and what data to monitor based on the specific sections of the various regulations and standards. Through the new framework, the modules include:
- Knowledge-base guidance that details what an affected customer must monitor and report on
- Detailed, step-by-step instructions for configuring, aligning, and monitoring devices and other resources affected by the relevant regulation or standard
- Advanced correlation rules and report templates needed to speed deployment

The PCI compliance module decreases the time and resources needed to meet PCI compliance requirements, gathers information for self-assessments from an auditor's perspective, and provides third-party auditors the information needed to evaluate organizational compliance. Within the PCI Data Security Standard, there are 12 sections and over 100 subsections that make up the requirements. The netForensics PCI Security Audit Framework module covers the following requirements:
- 1.1.1 - A formal process for approving and testing all external network connections and changes to the firewall configuration
- 1.1.3 - Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone
- 1.1.4 - Description of groups, roles, and responsibilities for logical management of network components
- 1.3.7 - Denying all other inbound and outbound traffic not specifically allowed
- 3.4 - Render account numbers, at minimum, unreadable anywhere they are stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:
  -- Strong one-way hash functions (hashed indexes)
  -- Truncation
  -- Index tokens and pads (pads must be securely stored)
  -- Strong cryptography with associated key management processes and procedures
- 10.1 - Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user
- 10.2.1 - All individual user accesses to cardholder data

"The netForensics PCI Security Audit Framework module tells users what the auditor is looking for. Unlike our competitors we have certified auditors on staff, not consultants mapping COBIT or other standards generically," said Tracy Hulver, Vice President of Marketing and Products at netForensics. "Compliance is education, not just a blind shot-in-the-dark attempt at success. Other vendors don't truly understand what the auditor is looking for and instead provide a generic offering that typically fails under the scrutiny of a seasoned IT auditor."
netForensics will launch additional compliance modules over the next several months, including those that will support Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act (GLBA), and the Federal Information Security Management Act (FISMA).
netForensics delivers security compliance management solutions that help stop the ever-increasing attacks that threaten organizations. Through its patented nFX technology, netForensics not only solves security compliance challenges, but provides the proof needed to address the myriad of regulatory and internal governance requirements. The netForensics suite of nFX One products provides solutions to address external and internal threats, mitigation, log management and reporting. Governments and companies of all sizes around the world rely on netForensics to gain unparalleled information security management visibility, prevent costly downtime, and maintain compliant operations. For more information, visit: http://www.netforensics.com/.