Coalfire Updates Navis Rapid PA-DSS to PCI 3.0 Standards
New tool simplifies process for software vendors to meet new PA-DSS 3.0 standard.
- Denver, CO (1888PressRelease) October 29, 2014 - Coalfire today announced the public availability of its latest release to Navis Rapid PA-DSS.
This release incorporates the new 3.0 security standard for payment applications from the Payment Card Industry Security Standards Council (PCI SSC). Payment application vendors will have to submit compliance validation reports to the PCI 3.0 standard starting January 1, 2015. Existing payment applications certified to the 2.0 standard face expiration at the end of 2015.
"Software vendors using the Navis Rapid PA-DSS tool for the first time are able to quickly understand how the PA-DSS standard applies to their application, ask the right questions the first time, and ultimately be properly prepared for their PA-DSS assessment," says Dan Fritsche, practice director, Coalfire Labs.
Coalfire clients who have previously used the 2.0 version of Navis Rapid PA-DSS will find the new process streamlined and easier to use. All users will be able to identify potential gaps in their applications to the new 3.0 standard, creating an opportunity to fix those gaps before their assessment begins; resulting in saving time and costs associated with remediation and development under tight time constraints.
One of the other significant changes with the new PCI 3.0 standard for payment applications is that once a payment application vendor selects a PCI certified Payment Application Qualified Security Assessor (PCI PA-QSA) to conduct a validation or assessment of their payment application, the payment application vendor is locked in to that assessor. Switching assessors will require the payment application vendor to start the validation and assessment process from the beginning when they bring in a new vendor, per the PCI PA-DSS v3.0 Program Guide (Sections 5.2.2 - 5.2.3.4, pgs. 27-33).
Fritsche also advises that "vendors will want to select a PA-QSA as a trusted assessor for a long term partnership. Simply getting a check-in-the-box Report On Validation (ROV) or a drive-through compliance assessment can have a long-term economic effect. You want a partner with an established track record, and the ability to provide a high quality of service with a proven set of processes. Selecting the wrong PA-QSA can be very risky; a partner who provides inferior service and support, or goes into remediation with the PCI SSC can introduce risk and validation delays thereby increasing risks and costs to the business."
The new release of Navis Rapid PA-DSS 3.0 includes the following improvements and benefits:
• Improved support for enterprise application developers who develop multiple lines of Payment applications.
• Increased visibility for assessors into the status of a software vendor's self-assessment.
• Improved access control options.
• Additional flexibility to support the nuances of software development within the confines of the PA-DSS controls.
• Improved status overviews for overall assessment progress.
• Simplified documentation collection process.
• Guidance support to easily map controls to the PA-DSS standard.
• Improved reporting to assist with gap identification and remediation.
About Coalfire
Coalfire is a global leader in, independent, information technology Governance, Risk and Compliance (IT GRC) that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Atlanta, Boston, Dallas, Denver, Los Angeles, Manchester (U.K.), New York, San Francisco, Seattle, and Washington D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire's solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP.
For more information, visit www.coalfire.com.
###
space
space