Chart Your Course to Affordable PA-DSS Compliance

Shared by: Neil Youn
posted:
8/13/2009
Rapid PA-DSS

VISA Deadlines for PA-DSS

I. Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications. Deadline: 1/1/08
II. VNPs and agents must only certify new payment applications to their platforms that are PA-DSS compliant. Deadline: 7/1/2008
III. Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PA-DSS compliant applications. Deadline: 10/1/08
IV. VNPs and agents must decertify all vulnerable payment applications. Deadline: 10/1/09
V. Acquirers must ensure their merchants, VNPs and agents use only PA-DSS compliant applications. Deadline: 7/1/10

SOURCE: usa.visa.com March 17, 2009

[Figures: Self-Help Questionnaire; Evidence Management]

The Coalfire Advantage

Rapid PA-DSS empowers application vendors to manage the PA-DSS compliance lifecycle through a self help web platform. Rapid PA-DSS tools stabilize and control costs for the payment application validation process by delivering services on a fixed-fee basis. Working from the premise that the application developer knows the embedded controls better than anyone else, Coalfire provides the Rapid PA-DSS platform and online tools to complete a self-assessment and document the evidence for PA-DSS compliance. Once evidence is consolidated, Coalfire installs your application in our laboratory to complete required independent testing. The result is a quality, fully compliant Report on Validation at much less cost to you.

• Reduce Risk – defend yourself when a merchant is compromised and blames your application
• No Surprises – fixed cost / no travel
• Quality – professional forensic Lab and certified staff
• Contain Cost – today and into the future with tools that allow incremental changes
• Reduce Complexity – streamlined online process with evidence management library
• Easy to Use – intuitive interview style
• Instant Feedback – automatic compliance reports and alerts

Rapid PA-DSS -- A Must in a Developer’s Toolkit

Coalfire’s Rapid PA-DSS is a Software as a Service offering. Year round access to Rapid PA-DSS for validation updates and automatic renewal notification enables us to sustain compliance reports at a low cost. The online evidence management provides a secure repository of evidence of compliance to protect your company in event of a merchant breach or subsequent investigation.

About Coalfire

Coalfire is a leading IT Audit and Compliance Management firm that serves commercial and government clients around the world. From its offices in Colorado, Washington, and New York, Coalfire provides services including: IT General Controls Review, IT Audits, Risk Assessments and Compliance Validation services for PCI, GLBA, NERC CIP, HIPAA and FISMA. In addition to traditional IT audits, Coalfire maintains specialized skills and resources to perform penetration testing, application code reviews, and incident response support to include digital forensic analysis.

Rapid PA-DSS Features

• Expert Online System - screens and selects control requirements that apply to your application
• Full Library of PA-DSS controls, templates and sample implementation guides
• Insightful, Inline Help – in plain English
• Intelligent Scoping – tuned to your application
• Remediation Plan Support - assign resources and set completion dates
• Annual Re-validation Support – continually update as you make application changes
• Central Reporting - for multiple payment applications
• Professional Support - live PA-QSA support is available on demand
• Evidence Library - simplify validation preparation and litigation support
• Management Dashboard - instant progress and gap analysis
• Self Help – generates gap analysis and remediation plans
• Easy Connections - to expert advice
• Team Collaboration - entire development team can contribute to a single program

The Coalfire PA-DSS Assessment Lifecycle

Phase 1: Preparation at Your Site

• Use your expert knowledge of the application to complete the Rapid PA-DSS pre-assessment
• Save PA QSA consulting hours with clear and concise Gap Analysis and Remediation Plans included in the self-assessment platform
• PCI approved documentation templates are included to accelerate your compliance program

Phase 2: Validation Testing in our Forensic Laboratory

When you complete Phase 1 and your report is “all green”, a Coalfire PA-QSA will:

• Install your application in our laboratory
• Review your application documentation
• Perform PA-DSS controls testing and document results
• Conduct a forensic review of your application components, payment transaction log, and cardholder data storage
• Produce a draft Report on Validation (ROV)
• Provide a gap analysis and remediation recommendations, if required
• Publish a final ROV
• Perform an internal quality assurance review
• Submit your Report on Validation to the PCI Security Standards Council (SSC)

Phase 3: Continuous Compliance

• Ongoing evidence management to allow incremental version changes and testing
• Ongoing compliance validation oversight for application changes throughout the year
• Re-certification notification
• Annual ‘no-change’ validation services

Colorado | Washington | New York | 877.224.8077 | www.coalfiresystems.com
