
Establishing a Continuous Process for PCI DSS Compliance

Visa, MasterCard, American Express, and other payment card companies currently require all U.S. merchants accepting credit card payments to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a global compliance initiative that outlines a set of comprehensive requirements to help organizations protect payment card account data from fraud, hacking, and other security vulnerabilities and threats. It requires organizations not only to perform many different tasks, but also to record who performed them and when. Parasoft Development Testing Platform (DTP) employs the Process Intelligence Engine (PIE) to help you establish a repeatable process that ensures your team members are conforming to your organization’s prescribed PCI policy.

PCI DSS requirement 6 details how to “develop and maintain secure systems and applications.” It promotes a proactive, preventative approach to building security into the application throughout the stages of software development, including continuous testing and continuous integration processes. This is in contrast to an ad-hoc approach that seeks to test security vulnerabilities out of the application one by one. Parasoft is the industry leader in defect prevention—in fact, we wrote the book on it (Automated Defect Prevention, Wiley-IEEE, 2007). With over 25 years of experience helping over half of the Fortune 500 companies incorporate the PCI-mandated practices throughout the development process, Parasoft knows what it takes to rapidly bring organizations into compliance with PCI DSS.

Parasoft’s PCI DSS Solution significantly reduces the time and cost of achieving PCI compliance by:

  • Delivering the industry’s most comprehensive security vulnerability prevention and detection capabilities in an integrated solution: Parasoft provides out-of-the-box automation of practices essential for achieving PCI DSS 6 compliance, including:
    • Static analysis: pattern-based coding standards, data flow analysis, code metrics.
    • Dynamic analysis: unit testing, integration testing, functional testing, memory error detection.
    • Penetration testing: runtime security policy validation (encryption, authentication, signatures).
    • Peer code review (and document review) process automation.
  • Providing out-of-the-box checking for the security issues referenced in PCI DSS requirement 6: The solution is configured to deliver an instant assessment of compliance with PCI DSS requirement 6 security guidelines across Java, C/C++, .NET, Web language code, and other security-critical application artifacts (e.g., XML configuration files). This enables teams to rapidly assess the level of compliance—without spending time reading the PCI DSS specification and determining how the requirements translate to code.
  • Establishing an automated process that integrates security throughout the SDLC: Parasoft’s automated infrastructure facilitates continued compliance as the application evolves by making compliance with PCI-mandated practices an unobtrusive part of the team’s existing workflow.
  • Facilitating issue remediation, not just issue detection: Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing compliant code as a matter of habit.
  • Delivering extensive reporting for documentation and process improvement: Our centralized reporting system provides real-time visibility into overall security status and processes.

Using Parasoft’s integrated solution, organizations not only gain a fast track to PCI DSS 6 compliance, but also establish a process for ensuring that all of the mandated PCI DSS tasks are performed and documented as expected.

How Parasoft DTP Capabilities Facilitate Compliance with PCI DSS Requirements

Parasoft Support for PCI DSS 6



To read more, download the PDF.


Copyright © 1996-2014 Parasoft