2010-02-22 08:29 AM
Are there any options for PCI DSS compliance? How do I not only ensure the data is securely encrypted and only accessed by individuals who need to access it, but provide an auditable record of all actions (including reads!) on the encrypted data?
2010-02-22 02:17 PM
The PCI-DSS 1.2.1 standard publishes a document (attached here) that outlines the 12 different requirements the standard calls for. It goes into all the details per section so customers can make their own assessment before any audits are necessary.
2010-02-23 05:36 AM
Thanks for that.
My question is related to what is listed as requirement 10. I'll confess to posting as a result of the "win a Kindle" contest, but I'm interested to understand if there are any solutions from Brocade or NetApp that provide for reporting on access to encrypted filesets. A specific example - if I have a Windows fileshare hosted on a NetApp aggregate/volume, can I leverage these encryption options to both a) encrypt and b) monitor access to the files on the encrypted fileshare? By "monitor access" I mean monitor reads and writes.
2010-02-23 06:28 AM
If you are talking about Windows LUNs, you need to turn on Windows security logging on the server, as the NetApp SAN will only see "Windows Server connect to LUN" and this proves nothing. If you have Windows shares on your filer, you need to turn on CIFS auditing on your filer.
Have a look at this:
Hope it helps
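
The Windows-server side of the advice above (security logging for files that live on a LUN), sketched as an added example that is not part of the original thread. It assumes Windows Server 2008 or later, an elevated PowerShell 3.0+ session, and a hypothetical folder path; auditing on the filer itself is configured separately and is not shown.

```powershell
# Added example: record reads and writes on a folder stored on a SAN LUN.
# Assumption: $Path is a placeholder for the folder that holds the protected data.
$Path = 'D:\Shares\Cardholder'

# 1. Enable the "File System" object-access audit subcategory (success and failure).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit (SACL) entry so reads, writes and deletes by any user are logged,
#    inherited by every file and subfolder below $Path.
$rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule(
               'Everyone', $rights, $inherit, $prop, $flags)

$acl = Get-Acl -Path $Path -Audit      # -Audit loads the existing SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Report recent access events (Security log, event ID 4663) under $Path:
#    who touched which object, from which process, with which access mask.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        if ($fields['ObjectName'] -like "$Path*") {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = $fields['SubjectUserName']
                Object     = $fields['ObjectName']
                Process    = $fields['ProcessName']
                AccessMask = $fields['AccessMask']
            }
        }
    } | Format-Table -AutoSize
```

Read auditing on a busy share generates a large volume of events, so size the Security log and forward it to a central collector before relying on it as the audit record.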