Just curious, why do you or your security folks care about the encryption at an external company where the data transfer is all incoming (to you). Seems that CA should be the one concerned about the security of their system (But they can't required secure transfer for everyone). I don't see how the security of credentials outgoing to an external site are the concern of your Security or Auditor, or PCI at all.
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Jerry Whitteridge > Sent: Thursday, July 23, 2009 9:06 AM > To: [email protected] > Subject: Re: CA Mainframe 2.0 > > No -- the problem is the credentials are in clear if you use your method. > The link has to be encrypted. > > Jerry Whitteridge > Mainframe Engineering > Safeway Inc > 925 951 4184 > [email protected] > If everything seems under control, you're just not going fast enough. > > > > -----Original Message----- > > From: IBM Mainframe Discussion List > > [mailto:[email protected]] On Behalf Of P S > > Sent: Thursday, July 23, 2009 8:56 AM > > To: [email protected] > > Subject: Re: CA Mainframe 2.0 > > > > On Thu, Jul 23, 2009 at 11:36 AM, Jerry > > Whitteridge<[email protected]> wrote: > > > Agreed -- we are allowed no unsecured file transfer to the > > mainframe due > > > to PCI. Our preference is FTPS but we could (for certain > > kludges) work > > > with SFTP. All vendors need to be reconsidering their supported > > > protocols. > > > > Or encrypt, FTP, decrypt, yes? > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: GET IBM-MAIN INFO > > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > > > > "Email Firewall" made the following annotations. > -------------------------------------------------------------------------- > ---- > > Warning: > All e-mail sent to this address will be received by the corporate e-mail > system, and is subject to archival and review by someone other than the > recipient. This e-mail may contain proprietary information and is > intended only for the use of the intended recipient(s). If the reader of > this message is not the intended recipient(s), you are notified that you > have received this message in error and that any review, dissemination, > distribution or copying of this message is strictly prohibited. If you > have received this message in error, please notify the sender immediately. > > ========================================================================== > ==== > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
