
ControlCase offers the following standardized PA-DSS certification methodology to all its clients.

The methodology consists of the following three phases.

Phase 1: Gap Analysis: ControlCase will perform a gap analysis and the required testing in order to inform the client of the controls that need remediation to achieve PA-DSS compliance. The assessment will include a review of the technology environment and supporting technical documentation. The assessment process may include interviews with company personnel to determine which PA-DSS requirements are in place and where remediation is required.

The following gaps are commonly found during the PA-DSS gap analysis phase and are to be corrected by the client during subsequent phases:

  • Lack of a web application vulnerability process (manual or automated) with a view to removing any OWASP or web-based vulnerabilities
  • Lack of a network/operating system level vulnerability assessment process with a view to removing web server and other infrastructure-related vulnerabilities
  • For non-browser-based applications (such as Java, C++, .NET, etc.), a lack of code reviews (manual or automated) is commonly identified as a gap

While ControlCase does provide offerings to address the gaps mentioned above, they are not included as part of the PA-DSS proposal. If you feel it necessary to subscribe to code review, application vulnerability or network layer vulnerability services, a separate proposal will be provided.

Phase 2: Remediation plan and support: ControlCase will keep track of all remediation efforts and provide a monthly status report to the client on the remediation steps. During this time, the client is expected to implement PA-DSS controls and keep ControlCase continuously informed of all remediation measures.

Phase 3: PA-DSS Certification: ControlCase will, as required for the project, either obtain a working copy of the product to be tested in its laboratories in Washington DC or Mumbai, India, or require that tests be performed in client laboratories. After the internal quality procedures are completed, the client will be issued a PA-DSS compliant report upon review by VISA and/or PCI Security Council.

ControlCase will use technologies to perform code reviews, vulnerability scans and cardholder data search techniques to validate that the application is compliant with standards.

For any additional information on PA-DSS services, please contact ControlCase at contact@controlcase.com.
