Posted by David E. Jones on Nov 22, 2005; 9:59pm
URL: http://ofbiz.116.s1.nabble.com/OFBiz-Users-CISP-PCI-Compliance-tp136531p136537.html
We have gone through this with a couple of clients already and OFBiz
is sufficient for the requirements (like encrypting stored data with
the Entity Engine and encrypting remote communications with the
Service Engine, and those are used with the CC and related stuff,
also we don't store PVV/CVV/CVC2 values), but like Si is saying it
all depends on how you use it.
Many of the requirements there are corporate policy and things that
the system cannot enforce, and the integrator can't enforce them
either. For example the one account per person for all system
interactions requirement is something that company employees have to
keep up with all the time. It means they only ever use their own
account and they never share passwords and such. OFBiz has sufficient
functionality to avoid users having to give their passwords to IT or
admin folks over the phone and such, and that is important, as are
many other things.
-David
On Nov 22, 2005, at 1:39 PM, Si Chen wrote:
> You can pretty much configure them however you want. The security
> model is very sophisticated and should not be a problem.
>
> Erik Earle wrote:
>
>> Yes, I agree that most of it is policy, but there are
>> some issues around administrative accounts and
>> password policies that would relate to ofbiz parties.
>>
>> I guess it's up to the integrator of OFBiz to
>> implement policies.
>>
>> --- Si Chen <[hidden email]> wrote:
>>
>>> I've read this before, but just to be sure, I read
>>> this again:
>>>
>>>
>>> http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf?it=il|/business/accepting_visa/ops_risk_management/cisp.html|PCI%20Data%20Security%20Standard
>>>
>>> Except for the protection of customer data by
>>> encryption, everything else seems to be related to your particular
>>> management practices: install a firewall, run antivirus programs,
>>> have an information security policy in place.
>>>
>>> So what else falls upon an application like OFBiz,
>>> in your opinion?
>>>
>>> Si
>>>
>>> Erik Earle wrote:
>>>
>>>> There is a lot more to it than that.
>>>>
>>>> http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html
>>>>
>>>> --- Si Chen <[hidden email]> wrote:
>>>>
>>>>> You mean "Open For Business"?
>>>>>
>>>>> If you're asking about encrypting customer credit
>>>>> cards, it does that.
>>>>>
>>>>> Erik Earle wrote:
>>>>>
>>>>>> Anyone know if Open for Commerce is up to snuff with
>>>>>> CISP / PCI Compliance?
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> [hidden email]
>>>>>> http://lists.ofbiz.org/mailman/listinfo/users