Agiliance Payment Card Industry (PCI) Data Security Standard (DSS) 3.1 Content Pack has been released. Based on the new PCI DSS 3.1 information security standard, this new content pack provides organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and point-of-sales cards, with packaged intelligence and best practices to tighten controls and reduce the risk of data breaches and fraud.
CardWeb.com’s CardData database of Company Profiles today features Denmark’s Cryptomathic.
In today’s CardFlash News Que: USAA (Android Pay); EBAY (COO); GOTRUST (NIST); and EGIFTER (Amilon).
Catbird®, a Gartner Cool Vendor in Infrastructure Protection, today announced that Catbird vSecurity® protection and continuous compliance supports automated security for static and dynamically provisioned virtual desktops. This integration gives Catbird vSecurity customers best-in-class network security at a greatly reduced cost. Catbird vSecurity enforces virtual desktop segmentation, auditing, and control. Catbird vSecurity includes Catbird vCompliance™…
Catbird has been recognized as a 2011 Industry Innovator by SC Magazine, having set benchmarks in its product area with its “vSecurity” platform. This platform was recognized for in-depth compliance monitoring while providing essential functionality for virtual security, especially in cloud environments. Catbird “vSecurity’s” multifunction approach to virtualization security and compliance includes automated protection for network infrastructure such as virtual machines, virtual networks and the hypervisor management network.
PCI DSS QSA Charles Denyer reveals his top 10 Challenges and Recommendations list regarding PCI compliance, which is a must-read for any merchant, service organization or any other entity involved in the processing, storing, or transmitting of cardholder data. The “Top 10 PCI List” addresses provisioning, hardening, securing and locking-down all in-scope “system components;” anti-virus; two-factor authentication; web application firewall (WAF); audit Trails and Logging; log Server | Syslog; File Integrity Monitoring; Intrusion Detection System; Policies and Procedures; and Operational Commitments from Internal Personnel.
Smart card identity and security ID leaders at the federal, state and local levels gathered at the Smart Card Alliance 9th Annual Smart Cards in Government Conference in Washington, D.C. to share status updates and lessons learned for projects underway. Main points touched on include the emerging National Strategy for Trusted Identity in Cyberspace (NSTIC), putting Personal Identity Verification (PIV) credentials to work for physical and logical access and identity management in healthcare. The NSTIC document will be ready for President Obama’s signature this winter to take advantage of the work done on the PIV and PIV-I (PIV-Interoperable) standards, which underlie the two-factor authentication credentials already widely used by the federal government and increasingly adopted by states and commercial organizations. With more than 75 percent of federal employees and contractors now carrying a smart card-based PIV credential, the focus is shifting to putting those cards to use for physical and logical access control. Through education programs, market research, advocacy, industry relations and open forums, the Smart Card Alliance keeps its members connected to industry leaders and innovative thought.
F5 Networks and CA-based DNS, DHCP and IPAM solution provider Infoblox have partnered to speed Domain Name System Security Extensions (DNSSEC) deployment.
Infoblox’s industry-leading DNSSEC features replace manual key generation and zone signing with a “one-click” process that generates and securely distributes encryption keys to all appliances in the Infoblox Grid that serve DNSSEC data. F5 provides a FIPS-compliant option to satisfy the most stringent military grade key security. Both F5 and Infoblox systems handle the NIST recommended key policies and automatic rollover. This configuration mitigates denial of service attacks on DNS and allows customers to manage the adopt IPv6.
MD-based Unified Security Monitoring provider Tenable Network Security has received Common Criteria certification for Tenable’s Security Center. Tenable’s Common Criteria-certified product suite includes vulnerability management, log management and visualization solutions for IT procurement managers in the Federal and commercial sectors requiring conformance to a common ISO-based standard for assessing product security.
Tenable’s Security Center product has been certified under Common Criteria (CC) Evaluation at Evaluation Assurance Level Two Augmented with Flaw Remediation (EAL2+). The Target Of Evaluation (TOE) includes all the elements that comprise a full deployment of the Security Center suite: Security Center (SC), Nessus Vulnerability Scanner (Nessus), Log Correlation Engine (LCE) and the LCE Clients, Passive Vulnerability Scanner (PVS), and the 3D Tool (3DT).
The Smart Card Alliance Healthcare and Identity Councils have released a white paper that seeks to improve data collection for electronic medical records.
The Councils recommend the use of existing federal standards for smart cards to create a trusted identity management infrastructure.
The Smart Card Alliance paper discusses the current challenges facing the healthcare IT infrastructure and details why smart cards provide the most cost efficient, secure, and user-accepted method for solving the healthcare identity management problem. It also explains how smart card technology can help make the critical capabilities needed in the healthcare infrastructure both possible and cost-effective. It can also provide an ideal way to achieve HIPAA compliance and meet the more stringent regulatory requirements of ARRA / HITECH.
Oberthur Technologies “ID-One” access card is the recipient of the “2009 New Product of the Year Award in the Access Control” category by Security Products magazine. “ID-One PIV BIO” is a fully compliant physical and logical security access card solution. The PIV BIO solution provides identity proofing, card authentication, digital signature, fingerprint on-card comparison, encryption and secure post issuance management. The card meets FIPS 201 requirements and includes a fingerprint on-card comparison that has been validated by NIST labs to comply with PIV interoperability specifications. It has tamper proof cryptography for enhanced security. The award honors the outstanding product development achievements of security equipment manufacturers whose products are considered to be particularly noteworthy in their ability to improve workplace security.
The Smart Card Alliance will hold a workshop in October that focuses on the next generation of physical access controls.
The workshop will be held in conjunction with the Smart Card Alliance 8th Annual Smart Cards in Government Conference in Washington DC. The workshop, “Smart Cards and Next Generation Physical Access Control Systems” (PACS) will present an overview of the technologies and requirements that are driving next generation PACS designs, based on FIPS 201-2 and NIST SP 800-116 Guidelines. The workshop will look at the impact that cryptography, federal interoperability requirements, risk-based multi-factor authentication, and PACS integration with asset tracking and logical access systems will have on next generation PACS implementation.
The Smart Card Alliance Physical Access Council is focused on accelerating the widespread acceptance, usage, and application of smart card technology for physical access control. The group brings together, in an open forum, leading users and technologists from both the public and private sectors and works on activities that are important to the physical access industry and that will help speed smart card adoption in this important market. Physical Access Council projects have focused on the impact that FIPS 201 will have on U.S. government physical access requirements and on the integration of physical and logical access control.