
Cavirin Solution Awarded PCI Continuous Compliance Certification

July 6, 2015 5:00 AM EDT

Adaptive Compliance certifies the newly released ARAP 7.6 focused on continuous compliance

SANTA CLARA, Calif.--(BUSINESS WIRE)-- As IT and Information Security audits are becoming the new norm, now more than ever before organizations are scrambling to stay compliant. In response to that growing need, Cavirin’s Automated Risk Assessment Platform (ARAP) helps companies pass their PCI audits and protect themselves from a catastrophic security breach, as well as avoid the financial penalty costs associated with a failure to pass their audit.

“Nobody wants to fail an audit. ARAP can help prepare businesses with an automated easy-to-read report with a pass or fail grade, making it simple to identify gaps that could lead to a breach, and do it in a cost-effective way,” said Cavirin CEO JD Sherry. “The 7.6 release of our platform touts impressive upgrades, such as an improved dashboard now featuring heat maps and trend lines for a complete visibility of cloud and on-premises environments. Staying compliant AND secure just got a whole lot easier and affordable,” Sherry added.

Cavirin’s innovative platform manages the day-to-day challenges of implementing security best practices and assessing operational risk against the major compliance frameworks out there such as PCI, CIS, HIPAA, ISO, NIST, DISA, and more.

As a testament to its unique approach, ARAP just became the first platform to earn an Adaptive Compliance PCI Continuous Compliance Certification. The certification serves as a standardized evaluation of PCI audit tools.

“Continuous compliance is becoming a requirement for a lot of organizations. Now more than ever, there is a growing need and focus on tools that can help with that. For each tool, we measure effectiveness and comprehensiveness in meeting the requirements of the PCI DSS 3.1 framework,” said James Spence, Quality Security Assessor (QSA), Adaptive Compliance. “Tools which earn this certification are proven to confirm that deployed systems match documented configuration standards and defined policies. In addition, it generates reports which are useful and acceptable to the assessed entity and the PCI auditor,” added Spence.

The certification evaluates tools for the following qualities:

  • Ensures a secure environment with PCI compliance as a byproduct of security
  • Verifies compliance continuously for card data environment systems
  • Compatible with private clouds, public clouds and hybrid combinations of both
  • Generates reports that help validate that deployed systems reflect the approved configuration standards, including:
    • All running services, ports and protocols are expected and business justified
    • Local user accounts are authorized
    • PCI required settings, e.g., NAT, logging, FIM, AV, are implemented
    • Patching is current and security patches are applied
    • Exceptions are documented for approval by the QSA
  • Generates reports acceptable to a QSA as proof of compliance
  • Handles a large card data environment without requiring significant technical resources from IT teams.

“As PCI assessors, we have found that one of the top challenges for organizations and the assessing QSA is accurately evaluating baseline configuration standards against the actual configurations. Comparison of the base builds against actual configurations is not just challenging, it is time consuming and often impacts utilization of technical staff, pulling them from production roles to compliance,” commented Spence.

Cavirin’s ARAP continuously scans the entire infrastructure and allows security and compliance managers to select and define policy, so each build’s actual configuration is compared against the defined policy. The compliance manager can generate reports that are validated configuration standards for each deployed system.

“Achieving this certification validates what we believe and know for a fact – ARAP is the right tool to identify a gap and solve the audit challenges that fast-growing companies are facing today,” commented Sherry. “We are absolutely thrilled to be the first company to get this nod from the industry.”

Quick Links:

For more information about Adaptive Compliance, visit: http://adaptivecompliance.com

For more information about Cavirin, visit: http://www.cavirin.com

To schedule a quick demo of ARAP, contact Cavirin at: http://www.cavirin.com/company/

To test drive Cavirin in your environment, visit: http://www.cavirin.com/try-cavirin-now/

About Adaptive Compliance

Adaptive Compliance is a partnership of information security consultants working to develop information security methodologies for continuous compliance. The partnership is focused on showing its clients how creating secure systems can and should produce compliance as a byproduct without running into the trap of a compliance “silo”, where organizations fetch check-box templates from each year to meet Payment Card Industry (PCI) or other compliance obligations. Adaptive Compliance identifies the tools and creates the process that results in continuous compliance. For more information, visit http://adaptivecompliance.com.

About Cavirin

Cavirin engineers security and compliance solutions to protect the elastic enterprise against destructive cyber threats. Headquartered in Santa Clara, Calif., Cavirin technology provides comprehensive protection in both the datacenter and across multiple cloud instances and accounts. Global enterprise and Software-as-a-Service (SaaS) leaders depend on Cavirin to mitigate dangerous breaches that damage brand integrity and shareholder value. For more information, visit www.cavirin.com and follow @Cavirin on Twitter.

Cavirin
Dessi Tomova, 913-948-1220
Integrated Marketing Manager

Source: Cavirin


