| 
|
 |
|
|
|
|
PCI Compliance Report
FriendBot
08-SEP-2008 21:52
|
ScanAlert Inc. has determined that 'FriendBot' is
COMPLIANT with the PCI scan requirement.
Confidential Information
The following report contains confidential information. Do not distribute, email, fax or transfer via any electric mechanism unless it has been approved by your organization's security policy. All copies and backups of this document should be maintained on protected storage at all times. Do not share any of the information contained within this report with anyone unless you confirm they are authorized to view the information.
Disclaimer
This, or any other, vulnerability audit cannot and does not guarantee security. ScanAlert makes no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein. By using this information you agree that ScanAlert shall be held harmless in any event. ScanAlert makes this information available solely under its Terms of Service Agreement published at www.scanalert.com.
|
| Table Of Contents |
| Section |
|
 |
| 1 |
Executive Summary |
|
| 2 |
ScanAlert's Certification of Regulatory Compliance |
|
| 3 |
Compliance Glossary |
|
| 4 |
PCI Self-Assessment Results |
|
| 5 |
PCI Security Scan Results |
|
|
| 1 - Executive Summary |
|
|
This report was generated by the SDP compliant scanning vendor ScanAlert, under certificate number 3709-01-01 in the framework of the PCI data security initiative and took into consideration security requirements as expressed in the MasterCard SDP Security Standard.
As a "Qualified Independent Scan Vendor" ScanAlert is accredited by Visa, MasterCard, American Express, Discover Card and JCB to perform network security audits conforming to the Payment Card Industry (PCI) Data Security Standards.
To earn validation of PCI compliance, network devices being audited must pass tests that probe all of the known methods hackers use to access private information, in addition to vulnerabilities that would allow malicious software (i.e. viruses and worms) to gain access to or disrupt the network devices being tested.
NOTE: In order to demonstrate compliance with the PCI Data Security Standard a vulnerability scan must have been completed within the past 90 days with no vulnerabilities listed as URGENT, CRITICAL or HIGH (numerical severity ranking of 3 or higher) present on any device within this report. Additionally, Visa and MasterCard regulations require that you configure your scanning to include all IP addresses, domain names, DNS servers, load balancers, firewalls or external routers used by, or assigned to, your company, and that you configure any IDS/IPS to not block access from the originating IP addresses of our scan servers.
|
|
|
| 2 - ScanAlert's Certification of Regulatory Compliance |
|
|
HACKER SAFE sites are tested and certified daily by ScanAlert to meet all U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC) and are accredited by the SANS Institute to meet the requirements of the SANS/FBI "Top Twenty Internet Securities Vulnerabilities" test. They are also certified to meet the security scanning requirements of Visa USA's Cardholder Information Security Program (CISP), Visa International's Account Information Security (AIS) program, MasterCard Internationals's Site Data Protection (SDP) program, American Express' CID security program, the Discover Card Information Security and Compliance (DISC) program within the framework of the Payment Card Industry (PCI) Data Security Standard.
|
|
|
| 3 - Compliance Glossary |
 ScanAlert HACKER SAFE® |
|
Signifies device, as of the date of this report, is compliant with ScanAlert's HACKER SAFE certification.
Network devices certified as HACKER SAFE are tested daily and certified to pass all external vulnerability audit recommendations of the Department of Homeland Security's National Infrastructure Protection Center (NIPC) and the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). HACKER SAFE certification also meets the requirements for network vulnerability audits of the CHILDREN'S ONLINE PRIVACY PROTECTION ACT OF 1998, the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BAILEY ACT (GLBA) protecting financial information, and the SARBANES-OXLEY ACT (SOX). |
|
 Payment Card Industry (PCI) Data Security Standard |
PCI COMPLIANCE - Signifies device, as of the date of this report, is compliant with the remote vulnerability audit requirements of the Payment Card Industry Data Security Standard (PCI-DSS), Visa USA's Cardholder Information Security Program (CISP), Visa International's Account Information Security (AIS) program, MasterCard International's Site Data Protection (SDP) program, the American Express Data Security Standards (DSS), and Discover Card's DISC program. |
|
 SANS / FBI Top 20 |
Signifies device, as of the date of this report, is free of all vulnerabilities that can be remotely scanned for as listed on the SANS/FBI Top Twenty vulnerabilities list, and meets all US federal government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC). The SANS Institute has tested and accredited ScanAlert's vulnerability audits to meet these requirements. The SANS/FBI Top Twenty vulnerabilities list is generally regarded as the industry-wide benchmark for network vulnerability assessment.
|
|
|
| 4 - PCI Self-Assessment Results |
|
| Questionnaire Pass / Fail |
Pass - 100% |
|
| Questionnaire Completion Date |
08-SEP-2008 |
|
|
| 5 - PCI Security Scan Results |
| Name |
Scan Date |
PCI Compliant |
|
| www.myspacebot.com |
08-SEP-2008 |
Pass |
|
|
|
|
|
