PCI-DSS Compliance
PCI-DSS is an information security standard for payment card applications. Therefore, an application of yours that makes use of YADE has to be certified.
YADE is a file transfer tool that can be used to fulfill PCI-DSS compliance. It allows
- secure transfer with e.g. FTPS, SFTP, WebDAV protocols across networks and
- insecure transfer with e.g. FTP, HTTP protocols.
YADE is a command line client for file transfer in batch mode and can be used from:
- YADE Command Line Interface
- YADE JITL Jobs
- third party applications using the YADE API.
YADE complies with the PCI-DSS Requirements 3 and 4:
- Requirement 3: Protect stored cardholder data.
  - You can use the YADE Credential Store to protect credentials in a secure store.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks.
  - You can use any of the above mentioned secure protocols.
- YADE creates its file transfer history locally and in a database for auditing and reporting purposes.
SOX Compliance
Concerning SOX compliance, you can build a compliant application with YADE by providing a secure configuration and protocols (see above) and by using encrypted and signed files with your application.
The JOC Cockpit - File Transfer History provides a detailed history to comply with SOX requirements.
HIPAA Compliance
Concerning HIPAA compliance, the YADE Managed File Transfer is a transient service, i.e. YADE does not store files permanently in intermediate locations; see YADE Implementation Architecture and Server-to-Server file transfer without touchdown. Therefore, for a transient file transfer service such as YADE that implements PCI-DSS compliance and SOX compliance, it should be possible to certify your application.