http://ofbiz.116.s1.nabble.com/OFBiz-Users-CISP-PCI-Compliance-tp136531p136540.html
Most of the work was documenting and auditing processes. There were
didn't involve ofbiz.
our regular development tasks at the same time. In total I would
specific tasks.
> If you don't mind my asking, what was the work effort
> to be able to meet the requirements.
>
> --- Brett Palmer <[hidden email]> wrote:
>
> > A few months ago we went through a CISP internal audit and were able
> > to meet the requirements for CISP with our ofbiz applications. Most
> > of the changes for us were process related but we also leveraged the
> > ofbiz security/permissions model to meet some of the requirements.
> >
> > Brett
> >
> > On 11/22/05, David E. Jones <[hidden email]> wrote:
> > >
> > > We have gone through this with a couple of clients already and OFBiz
> > > is sufficient for the requirements (like encrypting stored data with
> > > the Entity Engine and encrypting remote communications with the
> > > Service Engine, and those are used with the CC and related stuff,
> > > also we don't store PVV/CVV/CVC2 values), but like Si is saying it
> > > all depends on how you use it.
> > >
> > > Many of the requirements there are corporate policy and things that
> > > the system cannot enforce, and the integrator can't enforce them
> > > either. For example the one account per person for all system
> > > interactions requirement is something that company employees have to
> > > keep up with all the time. It means they only ever use their own
> > > account and they never share passwords and such. OFBiz has sufficient
> > > functionality to avoid users having to give their passwords to IT or
> > > admin folks over the phone and such, and that is important, as are
> > > many other things.
> > >
> > > -David
> > >
> > >
> > > On Nov 22, 2005, at 1:39 PM, Si Chen wrote:
> > >
> > > > You can pretty much configure them however you want. The security
> > > > model is very sophisticated and should not be a problem.
> > > >
> > > > Erik Earle wrote:
> > > >
> > > >> Yes, I agree that most of it is policy, but there are
> > > >> some issues around administrative accounts and
> > > >> password policies that would relate to ofbiz parties.
> > > >>
> > > >> I guess it's up to the integrator of OFBiz to
> > > >> implement policies.
> > > >>
> > > >> --- Si Chen <[hidden email]> wrote:
> > > >>
> > > >>
> > > > >>> I've read this before, but just to be sure, I read this again:
> > > > >>>
> > > > >>> http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf?it=il|/business/accepting_visa/ops_risk_management/cisp.html|PCI%20Data%20Security%20Standard
> > > > >>>
> > > > >>> Except for the protection of customer data by
> > > > >>> encryption, everything else seems to be related to your particular
> > > > >>> management practices: install a firewall, run antivirus programs,
> > > > >>> have an information security policy in place.
> > > > >>>
> > > > >>> So what else falls upon an application like OFBiz,
> > > > >>> in your opinion?
> > > >>>
> > > >>> Si
> > > >>>
> > > >>> Erik Earle wrote:
> > > >>>
> > > >>>
> > > > >>>> There is a lot more to it than that.
> > > > >>>>
> > > > >>>> http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html
> > > >>>>
> > > > >>>> --- Si Chen <[hidden email]> wrote:
> > > >>>>
> > > >>>>
> > > >>>>> You mean "Open For Business"?
> > > >>>>>
> > > > >>>>> If you're asking about encrypting customer credit
> > > > >>>>> cards, it does that.
> > > >>>>>
> > > >>>>> Erik Earle wrote:
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>>> Anyone know if Open for Commerce is up to
> > snuff
> > > >>>>>>
> > > >>>>>>
> > > >>>>> with
> > > >>>>>
> > > >>>>>
> > > >>>>>> CISP / PCI Compliance?
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>> __________________________________ Yahoo!
> > Mail - PC Magazine
> > > >>>>>> Editors' Choice 2005
http://mail.yahoo.com> > > >>>>>>
> > > >>>>>>
> > > > >>>>>>
> > > > >>>>>> _______________________________________________
> > > > >>>>>> Users mailing list
> > > > >>>>>> [hidden email]
> > > > >>>>>> http://lists.ofbiz.org/mailman/listinfo/users
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>
> > _______________________________________________
> > > >>>>> Users mailing list
> > > >>>>>
[hidden email]
> > > >>>>>
> >
http://lists.ofbiz.org/mailman/listinfo/users> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>
> > > >>>>
> > > >>>> __________________________________ Yahoo!
> > FareChase: Search
> > > >>>> multiple travel sites in
> > > >>>>
> > > >>> one click.
> > > >>>
> > > >>>>
http://farechase.yahoo.com> > > >>>>
> > > >>>>
> > _______________________________________________
> > > >>>> Users mailing list
> > > >>>>
[hidden email]
> > > >>>>
http://lists.ofbiz.org/mailman/listinfo/users> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>
> > _______________________________________________
> > > >>> Users mailing list
> > > >>>
[hidden email]
> > > >>>
http://lists.ofbiz.org/mailman/listinfo/users> > > >>>
> > > >>>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> __________________________________ Yahoo! Mail
> > - PC Magazine
> > > >> Editors' Choice 2005
http://mail.yahoo.com> > > >> _______________________________________________
> > > >> Users mailing list
> > > >>
[hidden email]
> > > >>
http://lists.ofbiz.org/mailman/listinfo/users> > > >>
> > > >>
> > > > _______________________________________________
> > > > Users mailing list
> > > >
[hidden email]
> >
> === message truncated ===