Information about http://jadedpixel.com/assets/2006/11/9/ScanAlert_PCIComplianceReport.pdf

PCI Compliance…

Tags: accuracy, assessment results, audit report, backups, certificate number, compliance report, confidential information, executive summary this report, information disclaimer, rbc centura, regulatory compliance, scan results, scanalert, sdp, section 1, security audit, security policy, security scan, self assessment, vulnerability audit,
Pages: 6
Language: english
Created: Wed Nov 8 05:45:21 2006
                                                  PCI Compliance Report

                                                              Jaded Pixel Inc.


                                                                        CA


                                                              RBC Centura


                                                            08-NOV-2006 08:45




                                            ScanAlert Inc. has determined that 'Jaded Pixel Inc.' is
                                                COMPLIANT with the PCI scan requirement.


Confidential Information
The following report contains confidential information. Do not distribute, email, fax or transfer via any electric mechanism unless it has been
approved by your organization's security policy. All copies and backups of this document should be maintained on protected storage at all times. Do
not share any of the information contained within this report with anyone unless you confirm they are authorized to view the information.

Disclaimer
This, or any other, vulnerability audit cannot and does not guarantee security. ScanAlert makes no warranty or claim of any kind, whatsoever, about
the accuracy or usefulness of any information provided herein. By using this information you agree that ScanAlert shall be held harmless in any
event. ScanAlert makes this information available solely under its Terms of Service Agreement published at www.scanalert.com.
 Table Of Contents
            Section
 1                          Executive Summary
 2                          ScanAlert's Certification of Regulatory Compliance
 3                          Compliance Glossary
 4                          PCI Self-Assessment Results
 5                          PCI Security Scan Results




Confidential - ScanAlert Security Audit Report                                   Page 2
 1 - Executive Summary


 This report was generated by the SDP compliant scanning vendor ScanAlert, under certificate number 3709-01-01 in the framework of the PCI data
 security initiative and took into consideration security requirements as expressed in the MasterCard SDP Security Standard.


 As a "Qualified Independent Scan Vendor" ScanAlert is accredited by Visa, MasterCard, American Express, Discover Card and JCB to perform network
 security audits conforming to the Payment Card Industry (PCI) Data Security Standards.


 To earn validation of PCI compliance, network devices being audited must pass tests that probe all of the known methods hackers use to access private
 information, in addition to vulnerabilities that would allow malicious software (i.e. viruses and worms) to gain access to or disrupt the network devices
 being tested.


 NOTE: In order to demonstrate compliance with the PCI Data Security Standard a vulnerability scan must have been completed within the past 90 days
 with no vulnerabilities listed as URGENT, CRITICAL or HIGH (numerical severity ranking of 3 or higher) present on any device within this report.
 Additionally, Visa and MasterCard regulations require that you configure your scanning to include all IP addresses, domain names, DNS servers, load
 balancers, firewalls or external routers used by, or assigned to, your company, and that you configure any IDS/IPS to not block access from the
 originating IP addresses of our scan servers.




 2 - ScanAlert's Certification of Regulatory Compliance


 HACKER SAFE sites are tested and certified daily by ScanAlert to meet all U.S. Government requirements for remote vulnerability testing as set forth by
 the National Infrastructure Protection Center (NIPC) and are accredited by the SANS Institute to meet the requirements of the SANS/FBI "Top Twenty
 Internet Securities Vulnerabilities" test. They are also certified to meet the security scanning requirements of Visa USA's Cardholder Information Security
 Program (CISP), Visa International's Account Information Security (AIS) program, MasterCard International's Site Data Protection (SDP) program,
 American Express' CID security program, the Discover Card Information Security and Compliance (DISC) program within the framework of the Payment
 Card Industry (PCI) Data Security Standard.




 3 - Compliance Glossary
                                                                  ScanAlert HACKER SAFE®


 Signifies device, as of the date of this report, is compliant with ScanAlert's HACKER SAFE certification.


 Network devices certified as HACKER SAFE are tested daily and certified to pass all external vulnerability audit recommendations of the Department of
 Homeland Security's National Infrastructure Protection Center (NIPC) and the requirements of the Payment Card Industry Data Security Standard
 (PCI-DSS). HACKER SAFE certification also meets the requirements for network vulnerability audits of the CHILDREN'S ONLINE PRIVACY PROTECTION
 ACT OF 1998, the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BLILEY ACT (GLBA)
 protecting financial information, and the SARBANES-OXLEY ACT (SOX).

                                                    Payment Card Industry (PCI) Data Security Standard


 PCI COMPLIANCE - Signifies device, as of the date of this report, is compliant with the remote vulnerability audit requirements of the Payment Card
 Industry Data Security Standard (PCI-DSS), Visa USA's Cardholder Information Security Program (CISP), Visa International's Account Information
 Security (AIS) program, MasterCard International's Site Data Protection (SDP) program, the American Express Data Security Standards (DSS), and
 Discover Card's DISC program.

 4 - PCI Self-Assessment Results
                                        Questionnaire Pass / Fail                                            Pass - 100%
                                      Questionnaire Completion Date                                          02-NOV-2006




 According to the answers provided, all PCI security controls and policies are in place. Therefore your organization is Compliant with Payment
 Card Industry (PCI) Information Security Standards.

 The undersigned hereby certifies that the information contained in this questionnaire is accurate, true and correct in all material respects.


 Company Name: _________________________________________________

 Country: _____________________________________

 Acquiring Bank:___________________________

 Questionnaire completed by: __________________________________

 Date:____________________




 5 - PCI Security Scan Results
 Name                                            Scan Date                 PCI Compliant
 Dynamic IP: Main Office Cable                   06-NOV-2006               Pass
 argon.jadedpixel.com                            02-NOV-2006               Pass



