atsec

The information security provider.
homesitemap
  • Services
  • Company
  • News & Events
  • Resources
  • Contact
Deutsch | 汉语

Compliance and Audit
ISO/IEC 27001
SOX and Euro-SOX
FISMA
HIPAA

Testing and Assessment
Common Criteria (ISO/IEC 15408)
FIPS 140-2
Cryptographic Algorithm Testing
SCAP
NPIVP Testing
GSA PIV Evaluation (FIPS 201)
PCI QSA
PCI ASV
PCI PA-QSA

Consulting and Training
VTDR for GSA FIPS 201
Embedded Systems
Hardware Security Testing and Analysis
Penetration Testing
US Export Control for Cryptography
Training

 back to the last page
 

Payment Card Industry Compliance For Large Computing Systems

Applying Payment Card Industry Compliance Standards to Mainframe Environments

Payment Card Industry Compliance For Large Computing Systems White Paper

Abstract
Payment Card Industry Compliance for Large Computing Systems, by atsec in association with IBM and other leading Large Computing Systems (LCS) experts, is a report aimed at addressing the need for guidance and information by Qualified Security Assessors (QSA), merchants, and service providers whose card holder data environment is largely based on LCS technology. It may also be of interest to acquirers and card brands demanding compliance with the standards specified by the Card Brands.
Achieving and assessing Payment Card Industry (PCI) compliance in a LCS environment can be a challenge as the standards are more focused towards a distributed systems paradigm. A full understanding of the security features and advantages of the complex environment can provide assurance of compliance to the standard but is a very broad and detailed topic.

Drawing from an extensive knowledge of mainframe and LCS security coupled with experience as an accredited QSA company, atsec's consultants have gained a thorough understanding of the security of these systems at every level, including operating systems, virtualization technology, applications, networking and communication, and mainframe environments. This experience has been gained through Common Criteria evaluation for the US and Europe governments, cryptographic testing and analysis, and mainframe penetration testing for large financial customers on the following systems and applications:

  • z/OS
  • z/VM
  • PR/SM
  • System SSL
  • DB2
  • Multiple Tivoli and third party vendor applications

atsec presents an analysis of the PCI standards in the context of a LCS environment and provides focused guidance to QSAs and their customers on the PCI assessment of such environments and the resources available to support an assessment. Drawing from an extensive knowledge of mainframe and LCS security, coupled with experience as an accredited QSA company, this report provides the necessary insight into LCS security to QSA and other PCI professionals.

 

(c) 2010 atsec information security. | Legal notice | Security Policy