|Name||HACKER SAFE||SDP||SANS / FBI|
|Introduction to ScanAlert's Security Audit Report|
As a "Qualified Independent Scan Vendor", ScanAlert is accredited by Visa USA,
MasterCard International, American Express, Discover Card and JCB to perform
network security compliance audits conforming to the Payment Card Industry (PCI)
Data Security Standards.
ScanAlert's security audits test for all vulnerabilities that can be remotely scanned for as listed in the Federal Computer Incident Response Center (FedCIRC) vulnerability catalog, the Common Vulnerabilities and Exposures (CVE) list, the SANS/FBI Top 20 Internet Security Vulnerabilities list, the Computer Emergency Response Team's (CERT) advisories list, and the Information Assurance Vulnerability Alerts (IAVAs) issued by the US Department of Defense.
To earn certification of PCI compliance, network devices being audited must pass tests that probe all of the known methods hackers use to access private information, in addition to vulnerabilities that would allow malicious software (i.e. viruses and worms) to gain access to or disrupt the network devices being tested. This audit report summarizes the results of these tests, and presents detailed information on the current security status of each network device covered in this report.
NOTE: In order to demonstrate compliance with the Payment Card Industry (PCI) Data Security Standard, no vulnerabilities listed as URGENT, CRITICAL or HIGH (numerical severity ranking of 3 or higher) may be present on any device within this report.
This report was generated in the framework of the SDP Program and took into consideration the security requirements expressed in the MasterCard Security Standard.
|ScanAlert's Certification of Regulatory Compliance|
sites are tested and certified daily by ScanAlert to meet all U.S.
Government requirements for remote vulnerability testing as set forth by the
National Infrastructure Protection Center (NIPC) and are accredited by the
SANS Institute to meet the requirements of the SANS/FBI "Top Twenty Internet
Security Vulnerabilities" test. They are also certified to meet the
security scanning requirements of VISA's Cardholder Information Security
Program (CISP), MasterCard's Site Data Protection (SDP) program, American
Express' CID security program, the Discover Card Information Security and
Compliance (DISC) program through the Payment Card Industry (PCI) Data
Web servers and other network devices meeting ScanAlert's HACKER SAFE security certification requirements are also certified to be in compliance with the requirements for web site and Internet security to protect private information under the CHILDREN'S ONLINE PRIVACY PROTECTION ACT OF 1998, the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BLILEY ACT (GLBA) protecting financial information, the SARBANES-OXLEY ACT (SOX) and Canada's Personal Information Protection and Electronic Documents Act.
|ScanAlert HACKER SAFE®|
|Signifies device is, as of the date of this report, compliant with ScanAlert's HACKER SAFE certification. Network devices certified as HACKER SAFE are tested daily and certified to pass all external vulnerability audit recommendations of the Department of Homeland Security's National Infrastructure Protection Center (NIPC). HACKER SAFE certification also meets the requirements for network vulnerability audits of the CHILDREN'S ONLINE PRIVACY PROTECTION ACT OF 1998, the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BLILEY ACT (GLBA) protecting financial information, and the SARBANES-OXLEY ACT.|
|Payment Card Industry (PCI) Data Security Standard|
|Signifies device, as of the date of this report, is compliant with the remote vulnerability audit requirements of the Payment Card Industry (PCI) Data Security Standard, MasterCard International's Site Data Protection (SDP) program, Visa USA's Cardholder Information Security Program (CISP), the American Express Data Security Standards, and Discover Card's DISC program. ScanAlert's certification of PCI compliance is also accepted in most countries under Visa International's AIS program.|
|SANS / FBI Top 20|
|Signifies device is, as of the date of this report, free of all vulnerabilities that can be remotely scanned for as listed on the SANS/FBI Top Twenty vulnerabilities list, and meets all US federal government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC). The SANS Institute has tested and accredited ScanAlert's vulnerability audits to meet these requirements. The SANS/FBI Top Twenty vulnerabilities list is generally regarded as the industry-wide benchmark for network vulnerability assessment.|