TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- You can find the VISA standards at https://www.visa.com/nt/gds/main.html -----Original Message----- From: SCraig [mailto:[EMAIL PROTECTED]] Sent: 13 November 2000 18:14 To: issforum Cc: SCraig Subject: meeting VISAs security stds - ISS policy files? TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Greetings all, I haven't seen the precise items to be in compliance with Visa's required security standards, nor do I know if the specifics exist. It sounds like the standards don't actually exist yet, even though drops are placed in articles such as the one listed below. I come to this understanding based on the statement "The initial seed around which the Center's operational standards are being constructed are the regulations promulgated by VISA for adoption by the 21,000 organizations that use the VISA logo. " from http://www.sans.org/CIS/FAQ.htm <http://www.sans.org/CIS/FAQ.htm> . My question is... will there be "canned" policies which can be used within Internet Scanner and System Scanner that existing ISS customers can use? If so, will they be distributed to everyone, on request, or what? Thanks, Scott http://www.securityfocus.com/news/111 <http://www.securityfocus.com/news/111> Visa to e-Shops: Use Firewalls, or else... The credit card giant prepares to crack down on insecure e-commerce sites. By Kevin <mailto:[EMAIL PROTECTED]> Poulsen November 3, 2000 11:48 AM PT ... " The exact shape of the monitoring has yet to be determined, but Visa plans to begin in May, 2001, and is launching a voluntary program to gently guide e-businesses into compliance before that deadline. "We aren't going to rush into the monitoring, because we want to let them go though a self-assessment process and assess their own security first," says Bruesewitz. Participating businesses will be given self-assessment tests to evaluate their own level of security. Additionally, managed security provider Internet Security Systems (ISS), in a pact with the credit card company, will offer vulnerability testing services to web businesses working towards compliance. "We anticipate that most merchants will want to do this, knowing that they'll have to meet those standard by May," says ISS spokesperson Michelle Norwood. Whether Visa U.S.A, or the merchants, will pay for all that testing hasn't been worked out, Norwood says. " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Scott Craig Technical Specialist - Information Security Kmart Corporation MS: E2 ; 3100 West Big Beaver Rd; Troy, MI 48084 Phone: (248) 643-1346 Fax : (248) 614-2963
