The PA-DSS Program Guide v2.0 and Attestation of Validation (AOV) v2.01 have been released by the SSC with changes that impact the preparation of Reports of Validation (ROVs). Version 1.0 expires on April 1, 2012, at which point 2.0 “becomes mandatory”.
The change list shows updates in the following areas:
Roles and responsibilities
Process flow diagrams
Fee structure
Annual validation process
Minor change acceptance
Payment application types
Expiration cycle (3 yr)
Payment application type 06, “POS Specialized,” mentions the increasingly popular mobile apps.
Point of sale software which can be used by merchants for specialized transmission methods, such as Bluetooth, Category 1 or 2 mobile, VOIP, etc.
This annual event features a campground set up in our bear exhibit in the zoo’s Northern Trail. Bears are released into the campground to demonstrate the results of poorly planned campsites, plus a demonstration on how to create a bear-safe campsite and promote safe interactions between humans and bears in the wild. Plus learn about another native predator, gray wolves!
First clue that you might be in danger? You just pitched a tent inside the bear exhibit at a zoo.
I will be there and hope to see you. Here is a quick list of all the dedicated security and compliance presentations:
Ravi Kumar, Eric Horschman – (CIM1250) Selling the VMware Advantage for Business Continuity and Security
Rob Randell, Jeff Szastak – (CIM1248) Using vShield and vCenter Configuration Manager to Achieve Better Than Physical Security for Business Critical Applications
Jeremiah Cornelius, Scott Sloan – (TEX1517) Security Partner Opportunity and Enablement for Partners in the New Data Center
Ana Seijas – (CIM1275) Securing the Virtual Infrastructure – Preparing for the Cloud
Wen Yu, Simon Mijolovic – (EUC1478) Tips, tricks and lessons learned in designing a vDaaS (virtual desktop as a service) with end to end secure multi-tenancy
Ravi Kumar, Ibrahim Rahmani – (CIM1372) Panel Discussion – Partner’s Best practices in Selling and Delivering Virtual Security
George Gerchow, Davi Ottenheimer – (TEX1543) Compliance Audit Validated Industry Specific Architectures
Grant Suzuki – (CIM1349) VMware vShield App Security Deep Dive
Ben Del Vento – (CIM1409) Compliance and Security: A holistic approach from the bottom up
Alka Gupta – (EUC1504) VMware Horizon App Manager™ – a user-centric management service for securely accessing private and public cloud applications from inside an Enterprise
George Gerchow, Davi Ottenheimer – (CIM1526) Achieving a Trusted Cloud – vCM, VIN, vShield Technical Overview
And if you are attending the VMware Customer Council please consider joining our session on Sunday at 10am, where we will discuss the latest progress and development in compliance automation for virtual and cloud environments. I will be there to answer questions about SCAP and the new hardening guide for vSphere5.
VMware has been working with QSAs such as Coalfire to clarify how to successfully address PCI while still being able to fully leverage virtualization. This link takes you to a whitepaper written by Coalfire that highlights some of the core technologies that VMware offers that can help you address PCI compliance. VMware is actively working to deliver more guidance in this area but this will give you a good overview on how VMware can help companies of any size achieve PCI 2.0 compliance.
a blog about the poetry of information security, since 1995