Kbase P165451: What does PCI-DSS compliance mean for OpenEdge applications?
Author: Progress Software Corporation - Progress
Access: Public
Published: 5/6/2010
Status: Unverified
GOAL:
What does PCI-DSS compliance mean for OpenEdge Applications?
GOAL:
How to respond to questions related to PCI-DSS compliance?
GOAL:
How to respond to audits of Progress-based applications for PCI-DSS?
FACT(s) (Environment):
All Supported Operating Systems
Progress/OpenEdge Versions
WebSpeed Versions
FIX:
The purpose of the PCI-DSS (Payment Card Industry - Data Security Standard) is to reduce credit card fraud by minimizing the ability of intruders to exploit common computing security flaws to steal credit card data. The PCI Council created the DSS to protect credit card data throughout its lifecycle.
OpenEdge applications that handle credit card information, or that run in an environment where network traffic, OS processes or physical disk storage handle credit card data, must adhere to the DSS in order to be PCI-DSS compliant.
The PCI Council requires every merchant, card processor, and card service provider (hereafter referred to as "merchant") to comply with the DSS in order to do credit card business with PCI Council members. The PCI Council introduced the concept of PCI scope to limit which of a merchant's business systems have to be PCI-DSS compliant. For distributed OpenEdge applications, some components, such as clients running outside a DSS-compliant firewall, may not have to be DSS compliant. Other components, such as servers and databases handling credit card data, would run inside a firewall and must be DSS compliant.
The PCI Council supplies a wide range of documentation on its website to help users better understand the definition of compliance and the criteria auditors use to measure it. Please view the references below for more information on PCI-DSS compliance.