|
Are there any tools for System i to do the automated scanning of RPG code
related to security (and associated training) or training focused at
qualifying an individual for the manual review process?
My guess is that there is nothing specific to System i, which is what my
client is looking for. My recommendation will very likely be that they
look at moving those applications covered by PCI off the System i because
it will be simpler to fulfill the requirements of the regulatory bodies.
Which will unfortunately end up with another System i decommissioned.
Kendall Kinnear
From:
"Jim Franz" <franz400@xxxxxxxxxxxx>
To:
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date:
01/26/2009 09:33 PM
Subject:
Re: Looking for information on PCI Code Security Reviews
This is an explanation of the code review, from the PCI Security Standards
Council (that wrote the
PCI requirements). It's not a 5 or 10 or even 30 word answer... it's a
several pages answer and that
is what you have to read.
https://www.pcisecuritystandards.org/pdfs/infosupp_6_6_applicationfirewalls_codereviews.pdf
btw - I wonder how many in our community of iSeries shops have no clue as
to
the requirements (
entities that transmit, process, or store payment card data) that is due
this Oct and the
consequences of inaction ... https://www.pcisecuritystandards.org/
Jim Franz
----- Original Message -----
From: <KKinnear@xxxxxxxxxx>
To: <MIDRANGE-L@xxxxxxxxxxxx>
Sent: Monday, January 26, 2009 10:42 AM
Subject: Looking for information on PCI Code Security Reviews
I've been inactive for awhile due to medical issues but I'm back andaround
fully
involved again so I thought I'd turn to some of the best experts
for some help.code
I have a client looking for experience with or information concerning
Code
Security Review processes related to System i and/or Infinum. The
Mastercard/Visa PCI requirements specify that when there is custom
that accesses credit card data someone trained in code security mustcorrect.
review the code prior to production implementation. Any information on
best practices or education specifically targeted at System i is
appreciated.
We disagree on the intrepretation of some of the wording. Everything
I've
read says an organization that is trained in Code Security Review must
audit the changes. That could be intrepreted to say that an outside
organization must review the code. My client believes the code can be
reviewed by someone else within the company not involved in the
development project. Any ideas of which intrepretation might be
Thanks for any help!
Kendall Kinnear
Senior Systems Architect
KS2 Technologies, Inc
1020 Mustang Dr
Grapevine, TX 76051
Office: 817.310.1817
Fax: 817.310.1801
Mobile: 214.676.3146
email: KKinnear@xxxxxxxxxx
http://www.ks2inc.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.