Many HPE NonStop customers have been passed by a QSA as being PCI compliant, but often the QSA doesn't have sufficient NonStop expertise to really know if all technical security requirements have truly been met. This can include compensating controls used for protecting sensitive data, as well as configuration vulnerabilities that may provide ways of gaining access to privileged userids or data. A number of recent high-profile security breaches have alerted the whole industry to the fact that compliance does not necessarily equal security. This presentation will look at some of the common areas of vulnerability for the NonStop, illustrate the problem with compensating controls for Req. 3.4 by showing ways that a user can bypass session capture software, and provide ways to minimize the risk of a security breach.
Knightcraft Technology is the leader in security consultancy services and PCI DSS compliance for the HPE NonStop Server platform. With a proven methodology and toolset, and our partnerships with HPE and comForte, we can assist you wherever you are located in the world.
Please see the Knightcraft Services section for details of services available from Knightcraft. You can contact us directly or speak to your comForte or HPE representative to find out how we can help you ensure that your HPE NonStop Server security, audit and compliance requirements are fully satisfied.
Knightcraft services can be obtained directly from Knightcraft or procured through HPE. Please contact us or your HPE account team to find out how we can help you achieve your security and compliance objectives.