Educause Security Discussion mailing list archives
Re: VISA Net audit?
From: Robert Ridenour <ridenour () UTK EDU>
Date: Mon, 6 Jun 2005 09:21:50 -0400
Willis,

How did you handle the third party scan part in terms of user and budget?

Thanks,

Robert L. Ridenour Jr.
Information Security Officer
University of Tennessee
ridenour () utk edu
865-974-8630

-----Original Message-----
From: Willis Marti [mailto:wmarti () TAMU EDU]
Sent: Friday, June 03, 2005 3:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VISA Net audit?

Our Loans Receivables group called a couple of days ago to alert me to an audit requirement that has been imposed by Visa(Net), for whom we are a "merchant." The process involves a self-assessment, together with a "Quarterly Network Security Scan" that must be conducted by a Visa-certified third party. Have any of you received the same notification? And how did you deal with what we are told is a June 30 compliance date?

The standard changed in January. Best explanation is
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

Key point is defining the "merchant". Your credit card volume determines exact requirements. Fortunately all ours are Level 4.

It's a pain but we're treating the deadline as real. Installing firewalls and documenting network connected CC processing systems.

--
Cheers,
Willis Marti
Associate Director for Networking
Computing & Information Services
Texas A&M University