Anyone doing PCI with CMOD?


Nolan

Bump.

Anyone had any updates from IBM or solutions for PCI with CMOD (z/OS)?




J.

#zOS #AIX #Windows #Multiplatforms
#DB2 #TSM #ODF #zODF #ODWEK
#CapacityPlanning #AFP #ReportDistribution
#Finance #ICN

Justin Derrick

As a matter of fact, IBM just announced their built-in encryption feature for DB2.  I'm not super-familiar with PCI's requirements, but encryption of database data checks one of the boxes as far as I know.  I haven't seen it in action, but it could be an easy step in the journey to PCI compliance.

-JD.
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Webinars:  https://CMOD.Training/
IBM CMOD Professional Services: https://CMOD.cloud

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

Nolan

Thanks.  Hopefully it does not come with a performance hit.
J.


Justin Derrick

Also, modern versions of CMOD have the ability to use SSL, ticking another box in the PCI-compliance checklist.  The only thing really missing is the 'tokenization' of credit card numbers.

-JD.

Nolan

J.


Lars Bencze

Hi, I am new here, and although this topic has been silent for quite a while, I thought I could add some info.
Back in 2011 or 2012, we got the requirement to PCI-DSS certify the CMOD system of a customer.
They have stored each single receipt for each store worldwide, and they keep them for 11 years (by law).
The requirement that we said yes to was to:
* export each document
* "wash it" from cc number data - i.e. we masked the required number of digits by replacing them with asterisks (*) // or maybe it was hash signs (#), can't remember //
* reload it back into OnDemand

NOTE: This would be categorized as option two described by AWHS above - "take CMOD out of scope".

On top of that, all POS systems in all stores had their software upgraded to automatically mask CC number data as described above.
We also require that any new data that is to be archived is "certified free from credit card numbers" - and we of course verify that before we start archiving it.

It was a tedious semi-automatic procedure, but sure enough, we processed and "cleaned" millions of report pages and receipts.
The only downside (which was pretty small) was that some stores complained that they could no longer find customer receipts by searching for CC number. So if that is an important requirement, the "alias" method described above is probably better.
OnDemand for MP expert. #Multiplatforms #Admin #Scripts #Performance #Support #Architecture #PDFIndexing #TSM/SP #DB2 #CustomSolutions #Integration #UserExits #Migrations #Workflow #ECM #Cloud #ODApi
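
The "wash" step and the "certified free from credit card numbers" check from the post above, sketched as an added example; it is not part of the original post and not the tooling used in that project. Assumptions: the exported document is plain text, the first six and last four digits are kept, asterisks are the mask character, and a Luhn check is used to skip long numbers that are not card numbers. All function names are hypothetical.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

# Constructed sample receipt; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = ("STORE 0042  RECEIPT 2011-03-14\n"
          "ORDER 1234567890123456\n"
          "CARD 4111 1111 1111 1111 VISA\n"
          "TOTAL 19.99\n")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(match, keep_head=6, keep_tail=4):
    """Mask the middle digits of a Luhn-valid candidate, keeping its layout."""
    text = match.group(0)
    digits = re.sub(r"\D", "", text)
    if not luhn_ok(digits):
        return text             # e.g. an order number that is merely long
    out, seen = [], 0
    for ch in text:
        if ch.isdigit():
            seen += 1
            hidden = keep_head < seen <= len(digits) - keep_tail
            out.append("*" if hidden else ch)
        else:
            out.append(ch)      # separators stay where they were
    return "".join(out)

def wash(document):
    """Return the document with every Luhn-valid card number masked."""
    return PAN_RE.sub(mask_pan, document)

def find_pans(document):
    """Pre-load check: list Luhn-valid card numbers still present in clear."""
    return [m.group(0) for m in PAN_RE.finditer(document)
            if luhn_ok(re.sub(r"\D", "", m.group(0)))]

if __name__ == "__main__":
    print(wash(SAMPLE))
    print("clear PANs left:", find_pans(wash(SAMPLE)))
```

A card number followed by another short digit group after a single space is read as one longer candidate and can be missed, so the separator rule should be tightened to the actual receipt layout before relying on `find_pans` as a gate.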