RE: [ekmi] [Fwd: Analysis of PCI-DSS Encryption & Key Management Requirements]

["Bruce, Timothy R" <Timothy.Bruce@ca.com>]

No call today?  Also, I see that I am still not set as a voting member.
Could you correct this please?

Tim Bruce 
Principal Software Architect, Development 
5465 Legacy Drive 
Plano, Tx.  75024 
tel:  214-473-1917 
fax:  214-473-1069
 
-----Original Message-----
From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
Sent: Saturday, October 18, 2008 9:19 PM
To: ekmi
Subject: [ekmi] [Fwd: Analysis of PCI-DSS Encryption & Key Management
Requirements]

FYI.

-------- Original Message --------
Subject: Analysis of PCI-DSS Encryption & Key Management Requirements
Date: Sat, 18 Oct 2008 18:34:26 -0700
From: Arshad Noor <arshad.noor@strongauth.com>
Organization: StrongAuth, Inc.
To: dataloss@datalossdb.org

Encryption and Key Management raise many questions with respect to
PCI-DSS compliance. This is not surprising since this is the most
complex part of the DSS.

We've spent some time analysing each of the encryption and key-
management requirements and have written a paper discussing them.
I will disclose that the paper also explains, briefly, how the
free and open-source StrongKey Symmetric Key Management System
(SKMS) addresses each of the requirements.

The analysis is available for download at:

http://www.strongauth.com/pdf/Analysis-of-PCI-DSS-1.2-Key-Management-Req
uirements-v1.0.pdf.

We hope the paper is deemed helpful.

If you have any feedback or questions, please let me know directly.
Suggestions for improvement of the paper are always welcome.

Thank you.

Arshad Noor
StrongAuth, Inc.


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php