Visa, MasterCard, American Express, and other payment card companies currently require all U.S. merchants accepting credit card payments to comply with the Payment Card Industry Data Security Standard (PCI DSS). A global compliance initiative is targeted for 2010.
The PCI DSS outlines a set of comprehensive requirements to help organizations protect payment card account data from fraud, hacking and various other security vulnerabilities and threats. It requires organizations not only to perform many different tasks, but also to record who performed them and when. Parasoft Concerto, with its business process engine, helps you establish a repeatable process to ensure that the responsible team members are conforming to your organization's prescribed PCI policy.
PCI DSS requirement 6 details how to "develop and maintain secure systems and applications." It promotes a proactive, preventative approach to building security into the application throughout the software development lifecycle (SDLC), rather than trying to test security vulnerabilities out of the application one by one.
Parasoft is the industry leader in defect prevention; in fact, we wrote the book on it (Automated Defect Prevention, Wiley-IEEE, 2007). With 20+ years of experience helping over half of the Fortune 500 companies incorporate the PCI-mandated practices throughout the SDLC, Parasoft knows what it takes to rapidly bring organizations into compliance with PCI DSS.
Parasoft's PCI DSS Solution significantly reduces the time and cost of achieving PCI compliance by:
- Delivering the industry's most comprehensive security vulnerability prevention and detection capabilities in an integrated solution:
  Parasoft provides out-of-the-box automation of practices essential for achieving PCI DSS 6 compliance, including:
  - Static analysis: pattern-based coding standards, data flow analysis, code metrics.
  - Dynamic analysis: unit testing, integration testing, functional testing, memory error detection.
  - Penetration testing: runtime security policy validation (encryption, authentication, signatures).
  - Peer code review (and document review): process automation.
- Providing out-of-the-box checking for the security issues referenced in PCI DSS requirement 6:
  The solution is configured to deliver an instant assessment of compliance with PCI DSS requirement 6 security guidelines across Java, C/C++, .NET, Web language code, and other security-critical application artifacts (e.g., XML configuration files). This enables teams to rapidly assess their level of compliance without spending time reading the PCI DSS specification and determining how the requirements translate to code.
- Establishing an automated process that integrates security throughout the SDLC:
  Parasoft's automated infrastructure facilitates continued compliance as the application evolves by making compliance with PCI-mandated practices an unobtrusive part of the team's existing workflow.
- Facilitating issue remediation, not just issue detection:
  Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing compliant code as a matter of habit.
- Delivering extensive reporting for documentation and process improvement:
  Our centralized reporting system provides real-time visibility into overall security status and processes.
Using Parasoft's integrated solution, organizations not only gain a fast track to PCI DSS 6 compliance, but also establish a process for ensuring that all of the mandated PCI DSS tasks are performed and documented as expected.
Parasoft Concerto Capabilities versus PCI DSS Requirements
Parasoft Support for PCI DSS 6