PCI-DSS Compliance

PCI-DSS is an information security standard for payment card applications; therefore, your application that is executed with JobScheduler has to be certified.

JobScheduler includes YADE, a file transfer tool that can be used to fulfill PCI-DSS compliance. It allows:

  • secure transfer with e.g. FTPS, SFTP, WebDAV protocols across networks and
  • insecure transfer with e.g. FTP, HTTP protocols.

JobScheduler complies with the PCI-DSS Requirements 3 and 4:

  • Requirement 3: Protect stored cardholder data. 
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks. 
    • You can use any of the above mentioned secure protocols with YADE.
    • JobScheduler creates the job history and job logs in a database for auditing and reporting purposes.

Generally, you should follow the guidelines from the JobScheduler Secure Operation article to comply with PCI-DSS rules.

SOX Compliance

Concerning SOX compliance, you can run an application with JobScheduler by providing a secure configuration and protocols (see above) and by using encrypted and signed files with your application.

The JOC Cockpit - File Transfer History provides a detailed history to comply with SOX requirements.

HIPAA Compliance

Concerning HIPAA compliance and file transfers, YADE is a transient service, i.e. YADE does not store files permanently in intermediate locations; see YADE Implementation Architecture and Server-to-Server file transfer without touchdown. Therefore, for a transient file transfer service such as YADE that implements PCI-DSS compliance and SOX compliance, it should be possible to certify your application.

 
