WALTHAM, Mass.— 14 Feb 2008— Novell today announced a significant enhancement to its security and information event management solution, Novell® Sentinel™, that will help retailers meet the detailed requirements of the Payment Card Industry Data Security Standard (PCI-DSS). One of the most critical compliance requirements for online and endpoint point-of-sale merchants, financial institutions, credit and debit card processors and credit card companies, PCI-DSS protects consumers from data fraud and identity theft by providing stringent guidelines for merchants on how to safeguard credit card information at various points in the payment process. The Novell PCI Solution enables retailers to easily demonstrate compliance with PCI-DSS and is the industry’s most effective solution for automation, validation and end-to-end management of the PCI process.
“Proving compliance with the more than 160 specific requirements of PCI-DSS creates obvious new challenges for IT departments,” said Sally Hudson, research director, Security Products and Services of IDC. “Few organizations have the infrastructure and resources in place to achieve compliance with these far-reaching requirements quickly. And with continual deadlines and increasing enforcement, it makes sense for enterprises to adopt a carefully planned strategic approach to data security that addresses compliance issues, automates PCI-DSS requirements and enhances other IT and end-user operations.”
Powerful Tools Streamline Compliance
Millions of cases of identity theft and data breaches, including high-profile cases with large amounts of payment card data stolen or compromised, have fueled an urgent industry-wide movement to tighten payment card data security. In response, the leading payment card companies worked together to develop PCI-DSS. This standard requires any retailer that handles, transmits or stores payment card data to meet a stringent set of data security requirements to stay in compliance with their payment card company contracts.
Developed specifically to address the needs of merchants challenged with meeting PCI-DSS requirements, the the Novell Sentinel PCI Solution contains powerful collection and monitoring tools to implement and enforce compliance programs quickly and cost-effectively. The Novell Sentinel PCI Solution features the real-time information and monitoring capabilities of Novell Sentinel, as well as robust collectors, connectors, reports, correlation rules and workflows engineered specifically to help enterprises meet the requirements of the standard, automate the PCI process, and demonstrate the enforcement of PCI controls to auditors.
Comprehensive Features for PCI-DSS Requirements
The Novell Sentinel PCI Solution is the most recent addition to Novell’s portfolio of identity and security management solutions. A significant enhancement to Novell Sentinel, the PCI Solution integrates with Novell Identity Manager and Novell Access ManagerTM, giving enterprises a holistic view of the policies, people and processes in their compliance environment. The PCI Solution features:
Technology to ensure PCI-DSS control objectives are being met – The Novell PCI Solution is the only solution to ensure automated controls are tied back to specific relevant regulations and manual processes are documented to prove those regulations are tested and implemented. The PCI Solution helps retailers address the more advanced technical requirements of PCI-DSS.
Advanced content to streamline the compliance process – The offering includes all content required to implement an end-to-end PCI compliance solution, including more than 25 reports, 15 correlations rules and other features of Novell Sentinel, such as iTRACTM graphical workflows, in-memory correlations with dynamic lists, and data enrichment with business relevance. The Novell Sentinel PCI Solution audits and monitors the implementation process and can institute strong detective and corrective controls. For example, correlation rules can provide an alert when a terminated user accesses the system and perform an action to revoke access.
Automated reports – Management of the complete solution is simple, graphical, and fully audited to allow easy demonstration of compliance reports. Automated reports can be generated on demand if auditors request it, such as a report showing all users who have accessed specific cardholder data.
Customization for PCI evolution – New tools help enterprises adapt and quickly implement new controls and processes to meet the continually evolving PCI-DSS standards. The Sentinel Solution Designer packages correlation rules, dynamic lists, maps, reports and iTRAC workflows along with a description of the PCI-DSS requirement the control was designed to fulfill, implementation instructions, and testing steps to ensure that the control is working as expected. The Sentinel Solution Manager is a new interface designed to install and manage the Novell Sentinel PCI Solution.
Partner tools for easy implementation – A separate interface allows partners to design customized solutions that focus on repeatability, thus minimizing the amount of consulting work needed to implement the solution. Partners can make this applicable to other regulations as well, such as Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA).
“PCI-DSS is one of the most important governance, risk management and compliance initiatives facing enterprises,” said Jim Ebzery, senior vice president of Identity and Security Management at Novell. “Most merchants have already been through multiple PCI-DSS audits, but have either failed to comply and are paying fines or were able to pass only by employing costly and time-consuming manual methods. With our Novell Sentinel PCI Solution, we are meeting the needs of enterprises faced with the demands of PCI-DSS controls by giving them the ability to automate, validate and prove PCI compliance.”
For more information about the Novell Sentinel PCI Solution visit http://www.novell.com/pci.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.