Automated assessment solution for Requirement 1 of the PCI DSS

RedSeal Systems released RedSeal Security Risk Manager (SRM) 3.0 which enables users to automate their assessment of Requirement 1 within the Payment Card Industry’s Data Security Standard (PCI DSS). Using RedSeal SRM 3.0, enterprises no longer have to take a manual, network device by network device approach to assessing their compliance with Requirement 1.

RedSeal SRM 3.0 can identify all network traffic that is allowed between untrusted networks, the DMZ and the cardholder data network as required by PCI-DSS Requirement 1. While enterprises have traditionally focused on manually reviewing their firewall policies, RedSeal SRM 3.0 goes beyond these measures and determines all traffic allowed between any two points. Enterprises no longer have to attempt to manually determine the effects of their firewall policies, and can instead focus their efforts on understanding exactly where they stand in addressing PCI-DSS Requirement 1. Additionally, a PCI-DSS Requirement 1 compliance report can be generated and used for sharing the results of the assessment with the enterprise’s Qualified Security Assessor (QSA).

RedSeal SRM 3.0 features include:

• Complete Lifecycle Management to track defects such as exposed vulnerabilities, misconfigurations and policy violations from identification through remediation. Alerts are generated if a defect is not remediated within a certain amount of time, based on internal policies, and reports can be delivered via e-mail based on a schedule or immediately after analysis completes.
• Custom Network Device Configuration Policies provide users with the ability to define a “golden configuration” standard for their network devices. Enterprises can ensure that their network devices are configured based on their own internal requirements.
• Enhanced Asset Management allows for the organization of the network topology to be based on an enterprise’s specific requirements such as location, business unit, or services. RedSeal SRM 3.0 supports dynamic criteria based policies which allow for the automatic organization of assets based on a variety of options including metric values, software, IP address, host/device name and primary service.