31
MP Server / Re: Anyone doing PCI with CMOD?
« on: February 14, 2013, 04:59:53 AM »
PCI entails a larger number of requirement above and beyond application security and encryption.
The data compression used in CMOD has no effect as far as a PCI auditor is concerned since the data is not "encrypted".
To date, IBM has no plans to make CMOD PCI compliant.
To help reduce the exposure, we do use Vormetric CoreGuard to encrypt all of the CMOD and TSM filesystems and backups are written to hardware encrypted tapes. We also have written a Preview Exit (arsuprep) that is used to mask credti/debit cards prior to display.
The data compression used in CMOD has no effect as far as a PCI auditor is concerned since the data is not "encrypted".
To date, IBM has no plans to make CMOD PCI compliant.
To help reduce the exposure, we do use Vormetric CoreGuard to encrypt all of the CMOD and TSM filesystems and backups are written to hardware encrypted tapes. We also have written a Preview Exit (arsuprep) that is used to mask credti/debit cards prior to display.