GlobalSCAPE Knowledge Base


Can EFT make my organization compliant? How can I validate whether my organization is compliant?



THE INFORMATION IN THIS ARTICLE APPLIES TO:
  • EFT Server, version 6.x and later

QUESTION #1

Can EFT make my organization compliant?

ANSWER #1

GlobalSCAPE’s products can facilitate compliance with several industry and government requirements, but Globalscape’s products themselves do not "make" an organization compliant. For example, EFT provides features that warn you when a setting does not meet certain PCI DSS requirements, which you can then choose to address or not.

QUESTION #2

How can I validate whether my organization is PCI DSS compliant?

ANSWER #2

Validation requirements for PCI DSS compliance depend on the merchant or organization’s tier. Some tiers require only that the organization complete a self-assessment questionnaire. Organizations that process many transactions will typically pay a Qualified Security Assessor (QSA) to evaluate whether the organization complies with all requirements for systems in PCI DSS scope as part of a mandatory quarterly scan. To further complicate matters, there is no black-and-white standard by which a QSA will assess an organization; it’s up to the QSA to interpret the PCI DSS requirements the way they understand them. This can result in situations where two different QSAs will come up with different assessments even for the same organization! Interestingly, the final authority on compliance is still the payment card vendors (Visa, MC, Amex, etc.), who reserve the right to overrule a QSA’s assessment. The self-assessment questionnaire (in the PCI DSS Quick Reference Guide) is a good start for determining how far out of compliance you might be and what it will take to get you into compliance.

MORE INFORMATION

Refer to https://kb.globalscape.com/KnowledgebaseArticle11478.aspx for details of how EFT addresses each PCI DSS requirement.

For more information about the PCI DSS, refer to the PCI SSC Data Security Standards Overview.


Details
Last Modified: 2 Months Ago
Last Modified By: kmarsh
Type: FAQ