Compliance Report
Tropical Lettering
04-AUG-2005 09:29
Confidential Information
The following report contains confidential information. Do not
distribute, email, fax or transfer via any electronic mechanism unless it
has been approved by your organization's security policy. All copies
and backups of this document should be maintained on protected storage
at all times. Do not share any of the information contained within this
report with anyone unless you confirm they are authorized to view the
information.
Disclaimer
This, or any other, vulnerability audit cannot and does not guarantee
security. ScanAlert makes no warranty or claim of any kind, whatsoever,
about the accuracy or usefulness of any information provided herein. By
using this information you agree that ScanAlert shall be held harmless
in any event. ScanAlert makes this information available solely under
its Terms of Service Agreement published at www.scanalert.com.

| Introduction to ScanAlert's PCI Compliance Audit Report |
As a "Qualified Independent Scan Vendor" ScanAlert is accredited by Visa,
MasterCard, American Express, Discover Card and JCB to perform network
security audits conforming to the Payment Card Industry (PCI) Data
Security Standards.
To earn certification of PCI compliance, network devices being
audited must pass tests that probe all of the known methods hackers use
to access private information, in addition to vulnerabilities that
would allow malicious software (i.e. viruses and worms) to gain access
to or disrupt the network devices being tested. This report was
generated in the framework of the SDP Program and took into consideration
security requirements as expressed in the MasterCard Security Standard.
NOTE: In order to demonstrate compliance with the PCI security
standard requirements a vulnerability scan must have been completed
within the past 90 days with no vulnerabilities listed as URGENT,
CRITICAL or HIGH (numerical severity ranking of 3 or higher) present on
any device within this report.

| ScanAlert's Certification of Regulatory Compliance |
HACKER SAFE® sites are tested and certified daily by ScanAlert to meet all
U.S. Government requirements for remote vulnerability testing as set
forth by the National Infrastructure Protection Center (NIPC) and are
accredited by the SANS Institute to meet the requirements of the
SANS/FBI "Top Twenty Internet Securities Vulnerabilities" test. They
are also certified to meet the security scanning requirements of Visa
USA's Cardholder Information Security Program (CISP), Visa
International's Account Information Security (AIS) program, MasterCard
International's Site Data Protection (SDP) program, American Express'
CID security program, the Discover Card Information Security and
Compliance (DISC) program within the framework of the Payment Card
Industry (PCI) Data Security Standard.

| Compliance Glossary |
ScanAlert HACKER SAFE®
Signifies device, as of the date of this report, is compliant with
ScanAlert's HACKER SAFE certification.
Network devices certified as HACKER SAFE are tested daily and certified
to pass all external vulnerability audit recommendations of the
Department of Homeland Security's National Infrastructure Protection
Center (NIPC) and the requirements of the Payment Card Industry Data
Security Standard (PCI-DSS). HACKER SAFE certification also meets the
requirements for network vulnerability audits of the CHILDREN'S ONLINE
PRIVACY PROTECTION ACT OF 1998, the HEALTH INSURANCE PORTABILITY AND
ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BLILEY ACT (GLBA)
protecting financial information, and the SARBANES-OXLEY ACT (SOX).
Payment Card Industry (PCI) Data Security Standard
PCI COMPLIANCE - Signifies device, as of the date of this report, is
compliant with the remote vulnerability audit requirements of the
Payment Card Industry Data Security Standard (PCI-DSS), Visa USA's
Cardholder Information Security Program (CISP), Visa International's
Account Information Security (AIS) program, MasterCard International's
Site Data Protection (SDP) program, the American Express Data Security
Standards (DSS), and Discover Card's DISC program.
SANS / FBI Top 20
Signifies device, as of the date of this report, is free of all
vulnerabilities that can be remotely scanned for as listed on the
SANS/FBI Top Twenty vulnerabilities list, and meets all US federal
government requirements for remote vulnerability testing as set forth by
the National Infrastructure Protection Center (NIPC). The SANS Institute
has tested and accredited ScanAlert's vulnerability audits to meet these
requirements. The SANS/FBI Top Twenty vulnerabilities list is generally
regarded as the industry-wide benchmark for network vulnerability
assessment.

| Report Overview |
| Customer Name | Tropical Lettering |
| Date Generated | 04-AUG-2005 09:29 |
| Report Type | Compliance |
| Devices | 1 |
| Device Groups | 0 |
| Vulnerabilities | 6 |

| Report Contents |
Compliance Glossary
PCI Security Scan
PCI Self-Assessment

| PCI Security Scan Results |
| Name | Scan Date | PCI Compliant |
| tropicallettering.com | 06-JUL-2005 | Pass |

| PCI Self-Assessment Results |
| Questionnaire Pass / Fail | Pass - 100% |
| Questionnaire Completion Date | 04-AUG-2005 |