Discuss: Meeting compliance requirements through application & network penetration tests and code reviews
by Rajesh Gopinath, GCIH
Hi,
I have a clarification on PCI DSS. There are several thousand retail processors of payment cards spread globally, including India. For example, a US Amex card can be processed in India by a retailer, say a hotel. What kind of compliance is required on the part of the retailer network?
Also, is India planning any regulation / law in this sector?
Thanks,
Malick.
FISMA requires applications to be tested for security. Following are some examples from FISMA:
SI-10 - "Checks for accuracy, completeness, and validity of information… valid syntax of information system inputs (e.g., character set, length, numerical range, acceptable values)… to ensure that inputs match specified definitions for format and content"
SA-10 - "… a configuration management plan that controls changes to the system during development, tracks security flaws, requires authorization of changes, and provides documentation of the plan and its implementation"
SA-11 - "The information system developer creates a security test and evaluation plan, implements the plan, and documents the results."
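The four checks SI-10 names (character set, length, numerical range, acceptable values) map directly onto a field-level validator. The following is an added example, not code from the thread or from any FISMA guidance; the field names and limits are constructed to resemble a card-processing form and are assumptions.

```python
"""Input validation of the kind SI-10 describes: character set, length,
numerical range and acceptable values. Added example; specs are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class FieldSpec:
    name: str
    charset: Optional[str] = None            # regex the whole value must match
    min_len: int = 0
    max_len: Optional[int] = None
    num_range: Optional[tuple] = None        # (low, high) inclusive, numeric fields
    allowed: Optional[Iterable[str]] = None  # enumerated acceptable values


def validate_field(spec: FieldSpec, value: str) -> list:
    """Return findings for one value; an empty list means it matches its definition."""
    findings = []
    if len(value) < spec.min_len:
        findings.append(f"{spec.name}: length {len(value)} below minimum {spec.min_len}")
    if spec.max_len is not None and len(value) > spec.max_len:
        findings.append(f"{spec.name}: length {len(value)} exceeds maximum {spec.max_len}")
    if spec.charset is not None and not re.fullmatch(spec.charset, value):
        findings.append(f"{spec.name}: characters outside allowed set")
    if spec.num_range is not None:
        if not value.isdigit():
            findings.append(f"{spec.name}: not a number")
        else:
            low, high = spec.num_range
            if not low <= int(value) <= high:
                findings.append(f"{spec.name}: value {value} outside range {low}..{high}")
    if spec.allowed is not None and value not in spec.allowed:
        findings.append(f"{spec.name}: value not in acceptable set")
    return findings


def validate_record(specs: list, record: dict) -> list:
    """Check every declared field; missing or non-string fields are findings too."""
    findings = []
    for spec in specs:
        value = record.get(spec.name)
        if not isinstance(value, str):
            findings.append(f"{spec.name}: missing or not a string")
            continue
        findings.extend(validate_field(spec, value))
    return findings


# Constructed specification (assumption): a minimal card-payment form.
SPECS = [
    FieldSpec("card_brand", allowed=("amex", "visa", "mastercard")),
    FieldSpec("merchant_id", charset=r"[A-Z0-9]+", min_len=8, max_len=15),
    FieldSpec("amount_cents", charset=r"[0-9]+", num_range=(1, 100_000_000)),
]
```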