Learn about PCI Compliance Reporting Functionality

Learn about PCI Compliance Reporting Functionality

Aloha and you’re watching f5 on demand and welcome to In five Minutes or less with Peter Silva and today I’m going to show you in 5 Minutes or less the new PCI Compliance Reporting Functionality in big IP application security manager version 10.1 and as always a special thanks to online stopwatch.com. So let’s start the clock.

So I’ve logged on to a big IP version 10.1 unit and here is the application security module and underneath is web applications which is where you want to click and that will span a new Window and here we have our web applications and this one right here the new test class is the web app that I created and if we go back to the other screen, all you need to do here is classes under applications security which actually takes you to local traffic profiles and this is just so you can see where you would create that and that ‘s where I’d created it just so you know where it is.

So now if we go back to the application security Manager Web Application Screens so here they are listed, now what I want to do is go here to reporting and under reporting there’s a new option called PCI compliance and PCI continues to be a challenge for IT departments and if you’re unaware during the middle to the end of next year 2010 PCI standards organization will be coming out with a new set of requirements for PCI an updated one.

And so here are my test classes listed. It is an active web application if this doesn’t have a green check box it will have an X if it ‘s not active and so this screen displays the application security PCI compliance report for each configured web application. And so you can see at a glance how the report compares to the PCI Security Criteria and then if its either meets the criteria then ASM will show you a green checkmark. If it does not meet the criteria here it will show the red X and with each one you can see view details so it will tell us what’s going on.

So right here protect stored card holder data, so let’s click view details, now it tells me that I need to enable data guard to make sure that numbers sensitive information gets mask on the way out and so we just go over here to data guard. It’s really neat so each one I tell you and we have my web application here and the policy and so I’m just going to check credit cards, I’m going to check SSN and this is very important right here mask data if you forget that then it won’t get set. So just make sure you do this last little check for mask data and click save.

And so here you’ll also see that it is an active policy but it has been modified and change as you can certainly click applied policy now and let’s activate it and you can do this at various points along the way. They’ll always show you an active policy and they’ll be a big red M if the policy has been modified and now the M has disappeared and so we’ve enabled all this and save it. So let’s go back to reporting and PCI compliance.

And so now pretty cool, protect stored, cardholder data as a checkbox and then you can do that for each of this and so if you’re unsure what you need to do to get into compliance for those particular requirements applications security manager will let you know how to achieve it. So it makes PCI compliance quick and simple and so there you have it, that’s to the regular screen in 5Minutes or less. The new big IP application security manager version 10.1, PCI reporting Functionality. Okay Thanks for watching and for f5 this is Peter Silva have a great day.


Transcription by: Scribe4you Transcription Services