Payment Application Data Security Standard PA-DSS published
2008-04-18On Tuesday the PCI Council published the Payment Application Data Security Standard (PA-DSS). atsec information security welcomes the payment card industry’s move to standardize its security requirements. PA-DSS ensures that payment applications protect card holder data responsibly and that appropriate security controls are implemented within software solutions. The goal of PA-DSS is to help software vendors and others to develop secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and ensure their payment applications support compliance with the PCI DSS. PA-DSS requirements apply to payment applications that are sold, distributed or licensed to third parties.
atsec is a major contributor to the development of international, normative IT security standards. atsec has a high level of expertise in consulting clients on how to apply and implement such standards, as well as in evaluating IT operations, products and systems against standardized criteria.
- atsec is a qualified security assessor (QSA) accredited by the PCI council to perform third party PCI security assessments in the U.S., Europe and China.
- atsec has conducted a large number of security audits and assessments for customers of varying sizes, including customers in the telecommunications, energy, financial and defense sectors, which results in a wide practical experience in assessing applications and systems.
- atsec has specialist expertise in the conduct of source code review, FIPS 140-2 testing, algorithm validation, SCAP and penetration testing.
- atsec is an accredited laboratory in three national schemes (U.S., Germany, Sweden) to perform Common Criteria (ISO/IEC 15408 and 18045) evaluations. Because of our evaluation work we are able to provide in depth expertise of several operating systems and network appliances.
- We have successfully prepared large corporate customers for ISO/IEC 27001 (BS 7799) certifications.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China.
