PCI 如何准备安全评估认证.pdf

Prepared for PCI PTS POI v4.x Increase of security demands Place the name of the author / company here Date: 00.00.00, Telephone: 0000000-00000, E-Mail: name@ Prepared for PCI PTS POI v4.x Agenda Evolving the security requirements, increase assurance Advice for the vendor; Support for Brightsight; Prepare evaluation package; The evaluation Process; Experiences; Pittfals; Questions. 2 / 10 Prepared for PCI PTS POI v4.x Preparation upfront Streamline in the process Be up to date with the requirements; PCI specific, follow the technical FAQ; Know what is required for the evaluation: Demands for the assessment; Test tools; Keep lab involved from early design stage (risk management): Design review; Pre-assessment; Preparation of test tools; Preparation of documentation. 3 / 10 Prepared for PCI PTS POI v4.x Brightsight support We help where possible: Be up to date with the requirements; PCI specific, follow the technical FAQ; PCI PTS v4 is new, we have to learn as well;; Training sessions: Requirements in general; Side channel; Security in coding; Software vulnerabilities; Developer support: Design review and pre-assessments; PCI PTS v4 preparation checklist (under construction for v4.x); Evaluation preparation support; Expertise in new demands: Code review; Side channel experiments; Device fuzzing.