Point-to-Point Encryption (P2PE)
|
|
- Cecil Snow
- 6 years ago
- Views:
Transcription
1 Payment Card Industry (PCI) Pint-t-Pint Encryptin (P2PE) Template fr P2PE Applicatin Reprt n Validatin (Applicatin P-ROV) Applicatin P-ROV Template Fr Applicatins used with PCI P2PE Hardware/Hardware Standard v1.1 and/r PCI P2PE Hardware/Hybrid Standard v1.1 July 2013
2 Dcument Changes Date Dcument Versin Descriptin Pages August T intrduce the template fr submitting Applicatin P-ROVs fr POI applicatins used in PCI Pint-t- Pint Encryptin (P2PE) slutins. This dcument is intended fr use with versin 1.1 f the P2PE Standard, fr Hardware/Hardware P2PE slutins. T accmmdate use f these Applicatin P-ROV Reprting Instructins fr POI applicatins used in Hardware/Hardware and/r Hardware/Hybrid PCI P2PE slutins. July This dcument is intended fr use with the fllwing P2PE Standards: P2PE Standard v fr Hardware/Hardware P2PE slutins P2PE Standard v fr Hardware/Hybrid P2PE slutins. Applicatin P-ROV Template fr Applicatins used with PCI P2PE Hardware/Hardware Standard v1.1 and/r PCI P2PE Hardware/Hybrid Standard v1.1 July 2013 Cpyright 2013 PCI Security Standards Cuncil LLC Page i
3 Table f Cntents Dcument Changes...i Intrductin t P2PE Applicatin P-ROV Template... 1 Applicatin P-ROV Template fr PCI P2PE Hardware/Hardware and Hardware/Hybrid Standard v Cntact Infrmatin and Reprt Date Cntact Infrmatin Cntact Infrmatin (cntinued) Date and Timeframe f Assessment P2PE Versin Executive Summary Applicatin Overview Applicatin Listing Details Pint-f-Interactin Devices (POIs) Applicatin Data Flws Versining Methdlgy Multi-Acquirer / Multi-Slutin Applicatins Implementatin Guide Details Details and Scpe f Applicatin Assessment Applicatin Details Applicatin dependencies Applicatin authenticatin mechanisms Facilities Dcumentatin and Persnnel Interviews Dcumentatin and Persnnel Interviews (cntinued) Findings and Observatins Applicatin P-ROV Template fr Applicatins used with PCI P2PE Hardware/Hardware Standard v1.1 and/r PCI P2PE Hardware/Hybrid Standard v1.1 July 2013 Cpyright 2013 PCI Security Standards Cuncil LLC Page ii
4 Intrductin t P2PE Applicatin P-ROV Template This dcument prvides the template fr cmpleting an Applicatin P-ROV t reprt cmpliance f a POI applicatin intended fr use with PCI P2PE slutins. This template is accmpanied by Applicatin P-ROV Reprting Instructins - Applicatin P-ROV Reprting Instructins Fr Applicatin used with PCI P2PE Hardware/Hardware Standard v1.1 and/r PCI P2PE Hardware/Hybrid Standard v1.1. P2PE assessrs shuld refer t the Reprting Instructins befre beginning an Applicatin P-ROV. Applicatin P-ROVs must be cmpleted in accrdance with the PCI SSC Template and its crrespnding Reprting Instructins. Tables have been included in this template t facilitate the reprting prcess fr certain lists and ther infrmatin as apprpriate. The Applicatin P-ROV Reprting Instructins prvide further instructin n hw t cmplete the Applicatin P-ROV, including the use f tables. Nte: The tables in this template may be mdified t increase/decrease the number f rws, r t change clumn width. Additinal clumns may be added if the assessr feels there is relevant infrmatin t be included that is nt addressed in the current frmat. Hwever, the assessr must nt remve any details frm the tables prvided in this dcument. Cpyright 2013 PCI Security Standards Cuncil LLC Page 1
5 Applicatin P-ROV Template fr PCI P2PE Hardware/Hardware and Hardware/Hybrid Standard v1.1 This template is t be used fr creating an Applicatin P-ROV fr submissin t PCI SSC. Cntent and frmat fr an Applicatin P-ROV is defined as fllws: 1. Cntact Infrmatin and Reprt Date 1.1 Cntact Infrmatin Cmpany name: Cmpany address: Cmpany URL: Cmpany cntact name: Cntact phne number: Cntact address: Applicatin Vendr cntact infrmatin P2PE Assessr Cmpany cntact infrmatin Cmpany name: Cmpany address: Cmpany PCI credentials: P2PE Assessr cntact infrmatin Assessr name: Assessr PCI credentials: Assessr phne number: Assessr address: Cpyright 2013 PCI Security Standards Cuncil LLC Page 2
6 1.1 Cntact Infrmatin (cntinued) P2PE Assessr Quality Assurance (QA) primary cntact infrmatin QA primary cntact name: QA primary cntact phne number: QA primary cntact address: 1.2 Date and Timeframe f Assessment Date f Reprt: Timeframe f assessment: 1.3 P2PE Versin Versin f the P2PE Standard used fr the assessment: Cpyright 2013 PCI Security Standards Cuncil LLC Page 3
7 2. Executive Summary 2.1 Applicatin Overview Applicatin name: Applicatin versin: Nte: Wildcard versin numbers are nt permitted. Descriptin f applicatin functin/purpse: Descriptin f hw the applicatin is sld, distributed, r licensed t third parties: Descriptin f hw the applicatin is designed (fr example, as a standalne applicatin, in mdules, r as part f a suite f applicatins): Descriptin f hw applicatin stres, prcesses and/r transmits accunt data: 2.2 Applicatin Listing Details Has the applicatin been develped in-huse by the slutin prvider fr use nly in their wn slutin? (Yes/N) If Yes, cmplete the fllwing tw bullet pints: Identify the specific P2PE slutin the applicatin is intended fr use with (Include slutin prvider cmpany name and slutin name): Identify whether the applicatin in this P-ROV is t be listed n the PCI SSC List f Validated P2PE Applicatins:* Is the applicatin already listed n the PCI SSC List f Validated P2PE Applicatins? If Yes, cmplete the fllwing: Prvide PCI SSC listing number: * Refer t the P2PE Prgram Guide fr details n applicatin listing prcesses Yes Yes N N Cpyright 2013 PCI Security Standards Cuncil LLC Page 4
8 2.3 Pint-f-Interactin Devices (POIs) Cmplete the fllwing fr all POI devices upn which the applicatin was tested. POI device details (Manufacturer, mdel) PTS apprval number POI device Hardware versin # POI device Firmware versin # 2.4 Applicatin Data Flws Fr each POI the applicatin was tested n: Prvide a high level data flw diagram(s) that shws details f all flws f accunt data, including: All flws and lcatins f encrypted accunt data (including data input, utput, and within the POI) All flws and lcatins f cleartext accunt data (including data input, utput, and within the POI) Identify the fllwing fr each data flw: Hw and where accunt data is transmitted, prcessed and/r stred The types f accunt data invlved (fr example, full track, PAN, expiry date, etc.) All cmpnents invlved in the transmissin, prcessing r strage f accunt data Nte: Include all types f data flws, including any utput t hard cpy / paper media. 2.5 Versining Methdlgy Describe vendr s versining methdlgy as fllws: Descriptin f hw the vendr indicates applicatin changes via their versin numbers: Define what types f changes the vendr includes as a N Impact change: Nte: Refer t the P2PE Prgram Guide fr infrmatin n what cnstitutes a N Impact change Cpyright 2013 PCI Security Standards Cuncil LLC Page 5
9 2.6 Multi-Acquirer / Multi-Slutin Applicatins Identity whether the applicatin is capable f supprting multiple P2PE slutins, r multiple acquirers r payment prcessrs, at the same time: If Yes, prvide a brief descriptin f hw management f the applicatin is t be shared between multiple P2PE slutin prviders / acquirers / payment prcessrs: Yes N 2.7 Implementatin Guide Details Fr each type f POI the applicatin was tested n (as identified in 2.3 abve), prvide details f the applicatin Implementatin Guide used and validated fr this assessment: POI device type: Title f the applicatin Implementatin Guide: Date f the applicatin Implementatin Guide: Versin f the applicatin Implementatin Guide: Prvide details f any additinal vendr dcumentatin that prvides guidance r instructin fr installing and cnfiguring the applicatin that are nt included within the Implementatin Guide (fr example, user guides, installatin instructins etc.): Cpyright 2013 PCI Security Standards Cuncil LLC Page 6
10 3. Details and Scpe f Applicatin Assessment 3.1 Applicatin Details Fr each POI the applicatin was tested n: Prvide detailed descriptins and/r diagrams t illustrate hw the applicatin functins in a typical implementatin. Fr all applicatin functins, prvide the fllwing: Descriptin f all applicatin prcesses related t each functin Descriptin f all cmmunicatin channels, cnnectin methds and cmmunicatin prtcls used by the applicatin, fr all internal and external cmmunicatin channels Details f any prtectin mechanisms (fr example, encryptin, truncatin, masking, etc.) applied t accunt data by the applicatin Other necessary applicatin functins r prcesses, as applicable Identify any functinality f the applicatin that was nt included in the assessment 3.2 Applicatin dependencies Identify and list all applicatin dependencies, including sftware and hardware cmpnents required fr necessary functining f the applicatin: Descriptin f cmpnent necessary fr applicatin functining Type f cmpnent (fr example, sftware, hardware) Rle f cmpnent 3.3 Applicatin authenticatin mechanisms Describe the applicatin s end t end authenticatin methds, as fllws: Authenticatin mechanisms: Authenticatin database: Security f authenticatin data strage: Cpyright 2013 PCI Security Standards Cuncil LLC Page 7
11 3.4 Facilities Identify and describe the lab envirnment used fr this assessment, including whether the lab was prvided by the P2PE assessr r the applicatin vendr. Address f the lab envirnment used fr this assessment: Assessr Lab envirnment Applicatin vendr facilities INCLUDED in assessment Descriptin and purpse f applicatin vendr facility included in applicatin assessment Address f facility Applicatin vendr facilities EXCLUDED frm assessment Descriptin and purpse f applicatin vendr facility excluded frm applicatin assessment Address f facility Explanatin why the facility was excluded frm the assessment 3.5 Dcumentatin and Persnnel Interviews Prvide list f all dcumentatin reviewed fr this applicatin assessment: Dcument Name (including versin, if applicable) Brief descriptin f dcument purpse Dcument date Cpyright 2013 PCI Security Standards Cuncil LLC Page 8
12 3.5 Dcumentatin and Persnnel Interviews (cntinued) Prvide list f all persnnel interviewed fr this applicatin assessment: Name Cmpany Jb Title Tpics cvered Cpyright 2013 PCI Security Standards Cuncil LLC Page 9
13 4. Findings and Observatins P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2A-1 The applicatin des nt retain PAN r SAD after applicatin prcessing is cmpleted. 2A-1.1 The applicatin des nt stre PAN r SAD data after prcessing is cmpleted (even if encrypted). Strage f encrypted PAN data is acceptable during the business prcess f finalizing the payment transactin if needed (fr example, ffline transactins). Hwever, at all times, SAD is nt stred after the cmpletin f the transactin. 2A-1.1.a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it cntains a detailed descriptin f the functin f the applicatin, including: Hw it uses PAN r SAD fr its applicatin prcessing, and Hw it ensures the applicatin des nt stre PAN r SAD after the applicatin s prcessing is cmplete. 2A-1.1.b Perfrm a surce-cde review t verify that the applicatin is cded such that PAN and SAD are nt stred after applicatin prcessing is cmpleted. 2A-1.1.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide instructins, PAN and SAD are nt stred after applicatin prcessing is cmpleted. 2A-1.2 A prcess is in place t securely delete any PAN r SAD stred during applicatin prcessing. 2A-1.2.a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it describes the methdlgy r prcess used by the applicatin t securely delete any PAN r SAD if stred during applicatin prcessing. 2A-1.2.b Perfrm a surce-cde review and verify that the methdlgy r prcess prvided by the applicatin vendr renders all stred PAN and SAD irrecverable nce applicatin prcessing is cmpleted, in accrdance with industry-accepted standards fr secure deletin f data. Cpyright 2013 PCI Security Standards Cuncil LLC Page 10
14 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2A-1.2.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide instructins, that the methdlgy r prcess prvided by the applicatin vendr renders all PAN and SAD data irrecverable, in accrdance with industry-accepted standards fr secure deletin f data, nce the business prcess f the applicatin is cmpleted. frm Applicatin Vendr Assessment 2A-2 The applicatin des nt transmit clear-text PAN r SAD utside f the device, and nly uses cmmunicatins methds included in the scpe f the PCI-apprved POI device evaluatin. 2A-2.1 The applicatin nly exprts PAN r SAD data that has been encrypted by the firmware f the PCI-apprved POI device, and des nt exprt clear-text PAN r SAD utside f the device. Nte: Output f clear-text data that is verified as being unrelated t any f the PCI payment brands is acceptable. The security f this prcess is assessed at Requirement 2A A-2.1.a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it cntains a descriptin f the applicatin s functin including the fllwing: That the applicatin des nt utput clear-text data utside f the device; Whether the applicatin passes encrypted accunt data utside f the device; and If the applicatin passes encrypted accunt data utside f the device, that the applicatin nly exprts PAN r SAD that has been encrypted by the apprved SRED functins f the PCI-apprved POI device. 2A-2.1.b Perfrm a surce-cde review and verify that the applicatin never utputs clear-text accunt data utside f the device. 2A-2.1.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide instructins, the applicatin des nt utput clear-text accunt data utside f the device. Cpyright 2013 PCI Security Standards Cuncil LLC Page 11
15 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2A-2.2 The applicatin nly uses internal cmmunicatin methds (including all inter-prcess cmmunicatin and authenticatin methds) included in the PCI-apprved POI device evaluatin. These internal cmmunicatin methds must be dcumented. Nte: This applies t all internal cmmunicatins within the device, including when accunt data is passed between applicatins, r t an area f memry r internal file that culd be accessed by ther applicatins, r back t the apprved firmware f the POI. 2A-2.2.a Examine the POI device vendr s security guidance t determine which internal cmmunicatin methds (including fr authenticatin) are apprved in the PCI-apprved POI device evaluatin. Review the applicatin s Implementatin Guide required at 2C-3 f this dcument and cnfirm that it includes the fllwing: A list f internal cmmunicatin methds included in the POI device vendr s security guidance A list f which apprved internal cmmunicatins methds are used by the applicatin. A descriptin f where internal cmmunicatins are used by the applicatin t pass clear-text accunt data within the device (fr example, frm the applicatin t ther applicatins, t an area f memry r internal file that culd be accessed by ther applicatins, r back t the apprved firmware f the POI) Hw t cnfigure the applicatin t use the apprved internal cmmunicatin methds Guidance that use f any ther methd fr internal cmmunicatin is nt allwed. 2A-2.2.b Perfrm a surce-cde review and verify that the applicatin nly uses thse inter-prcess cmmunicatin methds apprved as part f the PCI-apprved POI device evaluatin. Cpyright 2013 PCI Security Standards Cuncil LLC Page 12
16 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2A-2.2.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide, the applicatin nly uses apprved interprcess cmmunicatins methds (including authenticatin methds) fr all cmmunicatins within the device, including; All flws and strage f clear-text accunt data, between applicatins All flws and strage f clear-text accunt data between the applicatin and the apprved firmware f the POI. frm Applicatin Vendr Assessment 2A-2.3 The applicatin nly uses external cmmunicatin methds included in the PCI-apprved POI device evaluatin. Fr example, the POI may prvide an IP stack apprved per the PTS Open Prtcls mdule that allws fr the use f the SSL/TLS prtcl, r the device may prvide serial prts r mdems apprved by the PTS evaluatin t cmmunicate transactin data encrypted by its PCI PTS SRED functins. Security f applicatins where the POI device implements an IP stack is cvered at Requirement 2B A-2.3.a Examine the POI device vendr s security guidance t determine which external cmmunicatin methds are apprved via the PCI-apprved POI device evaluatin. Review the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify that it cntains the fllwing instructins and that they are cnsistent with the POI device vendr s security guidance: A list f the external cmmunicatin methds included in the POI device vendr s security guidance A list f which apprved external cmmunicatins methds are used by the applicatin A descriptin f where external cmmunicatins are used by the applicatin Instructins fr hw t cnfigure the applicatin t use nly thse apprved methds Guidance that use f any ther methds fr external cmmunicatins is nt allwed 2A-2.3.b Perfrm a surce-cde review and verify that the applicatin des nt implement its wn external cmmunicatin methds (fr example, des nt implement its wn IP stack). Cpyright 2013 PCI Security Standards Cuncil LLC Page 13
17 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2A-2.3.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide: The applicatin nly uses nly the external cmmunicatin methds) included in the POI device vendr's security guidance fr all external cmmunicatins. frm Applicatin Vendr Assessment 2A-2.4 Ensure that any applicatin functins (fr example, whitelists ) that allw fr the utput f clear-text data limits that utput t nly nn-pci payment brand accunts/cards, and that additins r changes t applicatin functins are implemented as fllws: Cryptgraphically authenticated by the PCI-apprved POI device s firmware Implemented nly by authrized persnnel Dcumented as t purpse and justificatin Reviewed and apprved prir t implementatin Nte: Requirement 2C prhibits unauthenticated changes r updates t applicatins r applicatin functins (fr example, whitelists ). 2A-2.4.a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it cntains details t describe any applicatin functins that allw fr the utput f clear-text card data (fr example, thrugh the use f whitelists f BIN ranges), and prvides instructins as fllws: Any such applicatin functins are nly allwed fr nn-pci payment brand accunts/cards. Hw t establish applicatin authenticatin using strng cryptgraphy, with the apprved SRED firmware f the POI device. Only authrized persnnel must be used fr signing and adding applicatin functins fr utput f clear-text data. 2A-2.4.b Perfrm a surce-cde review and verify that the applicatin functins are limited as fllws: The applicatin is able t limit utput t nn-pci payment brand accunts/cards nly. The applicatin requires use f the PCI-apprved POI device s firmware fr cryptgraphic authenticatin. Cpyright 2013 PCI Security Standards Cuncil LLC Page 14
18 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2A-2.4.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, when the Implementatin Guide is fllwed, the fllwing is in place: Output f clear-text data is allwed nly fr nn-pci payment brand accunts/cards. Applicatin functins are authenticated using strng cryptgraphy by the apprved SRED firmware f the POI device. frm Applicatin Vendr Assessment 2A-3 All applicatins withut a business need d nt have access t accunt data. (Nte: this Requirement has n applicable testing prcedures fr the Applicatin Vendr assessment) 2B-1 The applicatin is develped accrding t industry-standard sftware develpment life cycle practices that incrprate infrmatin security. 2B-1.1 Applicatins are develped based n industry best practices and in accrdance with the POI device vendr's security guidance, and infrmatin security is incrprated thrughut the sftware develpment life cycle. These prcesses must include the fllwing: 2B-1.1.a Examine written sftware develpment prcesses t verify the fllwing: Prcesses are based n industry standards and/r best practices. Infrmatin security is included thrughut the sftware develpment life cycle 2B-1.1.b Examine the POI device vendr s security guidance, and verify that any specified sftware develpment prcesses are: Incrprated int the applicatin develper s written sftware develpment prcesses Implemented per the POI device vendr's security guidance. 2B-1.1.c Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it prvides infrmatin frm the POI device vendr s security guidance applicable t the slutin prvider (fr example, applicatin cnfiguratin settings which are necessary fr the applicatin t functin with the device). Cpyright 2013 PCI Security Standards Cuncil LLC Page 15
19 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2B-1.1.d Verify each f the items at 2B thrugh 2B by perfrming the fllwing: Examine written sftware develpment prcesses Interview sftware develpers Examine the applicatin prduct 2B Live PANs are nt used fr testing r develpment. 2B Live PANs r SAD are nt used fr testing r develpment. 2B Test data and accunts are remved befre release t custmer. 2B Test data and accunts are remved befre release t custmer. 2B Custm applicatin accunts, user IDs, and passwrds are remved befre applicatins are released t custmers 2B Custm applicatin accunts, user IDs, and passwrds are remved befre the applicatin is released. 2B-1.2 Applicatin cde and any nn-cde cnfiguratin ptins, such as whitelists, are reviewed prir t release and after any significant change, using manual r autmated vulnerability-assessment prcesses t identify any ptential vulnerabilities r security flaws. The review prcess includes the fllwing: 2B-1.2 Cnfirm the develper perfrms reviews fr all significant applicatin cde changes and alteratins t cde that manages securitysensitive cnfiguratin ptins, such as card whitelists (either using manual r autmated prcesses), as fllws: 2B Review f cde changes by individuals ther than the riginating authr, and by individuals wh are knwledgeable in cde-review techniques and secure cding practices. 2B Cde changes are reviewed by individuals ther than the riginating authr, and by individuals wh are knwledgeable in cdereview techniques and secure cding practices. 2B Review f changes t security-sensitive cnfiguratin ptins, such as whitelists, t cnfirm that they will nt result in the expsure f PCI payment-brand accunts/cards. 2B Changes t cde that manages security-sensitive cnfiguratin ptins, such as whitelists, are reviewed t cnfirm that they will nt result in the expsure f PCI payment-brand accunts/cards. Cpyright 2013 PCI Security Standards Cuncil LLC Page 16
20 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2B Perfrming cde reviews t ensure cde is develped accrding t secure cding guidelines. 2B Cde reviews ensure cde is develped accrding t secure cding guidelines. 2B Cnfirming that apprpriate crrectins are implemented prir t release. 2B Apprpriate crrectins are implemented prir t release. 2B Review and apprval f review results by management prir t release. 2B Review results are reviewed and apprved by management prir t release. 2B-1.3 Develp applicatins based n secure cding guidelines. Cver preventin f cmmn cding vulnerabilities in sftware develpment prcesses. 2B-1.3.a Obtain and review sftware develpment prcesses fr applicatins. Verify the prcess includes training in secure cding techniques fr develpers, based n industry best practices and guidance. 2B-1.3.b Interview a sample f develpers t cnfirm that they are knwledgeable in secure cding techniques. 2B-1.3.c Verify that applicatins are nt vulnerable t cmmn cding vulnerabilities by perfrming manual r autmated penetratin testing that specifically attempts t explit vulnerabilities relevant t the applicatin (an example f such a vulnerability wuld include buffer verflws.) 2B-1.4 All changes t applicatin must fllw change-cntrl prcedures. The prcedures must include the fllwing: 2B-1.4.a Obtain and examine the develper s change-cntrl prcedures fr sftware mdificatins, and verify that the prcedures require the fllwing: Dcumentatin f custmer impact Dcumented apprval f change by apprpriate authrized parties Functinality testing t verify that the change des nt adversely impact the security f the device Back-ut r applicatin de-installatin prcedures Cpyright 2013 PCI Security Standards Cuncil LLC Page 17
21 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2B-1.4.b Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify it includes the fllwing: Dcumentatin abut the impact f the change Instructins abut hw t back ut r de-install applicatins. 2B-1.4.c Examine recent applicatin changes, and trace thse changes back t related change-cntrl dcumentatin. Verify that, fr each change examined, the fllwing was dcumented accrding t the change-cntrl prcedures: frm Applicatin Vendr Assessment 2B Dcumentatin f impact 2B Verify that dcumentatin f custmer impact is included in the change-cntrl dcumentatin fr each change. 2B Dcumented apprval f change by apprpriate authrized parties 2B Verify that dcumented apprval by apprpriate authrized parties is present fr each change. 2B Functinality testing t verify that the change des nt adversely impact the security f the device 2B a Fr each sampled change, verify that functinality testing was perfrmed t verify that the change des nt adversely impact the security f the device. 2B b Verify that all changes (including patches) are tested fr per secure cding guidance befre being released. 2B Back-ut r applicatin de-installatin prcedures 2B Verify that back-ut r prduct de-installatin prcedures are prepared fr each change. Cpyright 2013 PCI Security Standards Cuncil LLC Page 18
22 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2B-2 The applicatin is implemented securely, including the secure use f any resurces shared between different applicatins. 2B-2.1 The applicatin is develped in accrdance with the POI device vendr's security guidance, including specifying that If an applicatin uses an IP stack, it must use the IP stack apprved as part f the PCI-apprved POI device evaluatin. Nte: POI device vendr security guidance is intended fr applicatin develpers, system integratrs, and end-users f the platfrm t meet requirements in the PCI PTS Open Prtcls mdule as part f a PCI-apprved POI device evaluatin. 2B-2.1 Examine the POI device vendr s security guidance t determine which IP stack was apprved via the PCI-apprved POI device evaluatin. Review the applicatin s Implementatin Guide required at 2C-3 f this dcument and cnfirm it includes the fllwing: A descriptin f the IP stack implemented in the POI device Cnfirmatin that the IP stack used by the applicatin is the same ne included in the POI device vendr s security guidance. 2B If an applicatin uses the POI device s IP stack and any f the related OP services, the applicatin must securely use, and integrate with, the fllwing device platfrm cmpnents in accrdance with the POI device vendr's security guidance, including but nt limited t the fllwing: IP and link layer (where implemented by the POI) IP prtcls (where implemented by the POI) Security prtcls, including specific mentin if specific security prtcls r specific cnfiguratins f security prtcls are nt t be used fr financial applicatins and/r platfrm management IP services, including specific mentin if specific IP services r specific cnfiguratins f IP services are nt t be used fr financial applicatins and/r platfrm management (where implemented by the POI) Fr each platfrm cmpnent listed abve, fllw the POI device vendr's security guidance, as applicable t the applicatin s specific business prcessing, with respect t the fllwing: Cnfiguratin and updates Key management Data integrity and cnfidentiality Server authenticatin Cpyright 2013 PCI Security Standards Cuncil LLC Page 19
23 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2B a Examine the POI device vendr s security guidance t determine the fllwing: The IP stack apprved via the PCI-apprved POI device evaluatin Any specific guidance frm the POI device vendr's security guidance that needs t be implemented fr the applicatin Review the applicatin s Implementatin Guide required at 2C-3 f this dcument and cnfirm that it includes the fllwing in accrdance with the POI device vendr's security guidance: A descriptin f the IP stack implemented in the POI device and included in the POI device vendr s security guidance Any instructins n hw t securely cnfigure any cnfigurable ptins, as applicable t the applicatin s specific business prcessing, including: Vulnerability assessment Cnfiguratin and updates Key management Data integrity and cnfidentiality Server authenticatin Any guidance that the device vendr intended fr integratrs/ resellers, slutin prviders, and/r end-users Guidance that nly IP stacks apprved as part f the PTS review can be used frm Applicatin Vendr Assessment Cpyright 2013 PCI Security Standards Cuncil LLC Page 20
24 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2B b Perfrm a surce-cde review and verify that the applicatin: Only uses the IP stack apprved as part f the PCI-apprved POI device evaluatin Was develped accrding t the device vendr s security guidance Is securely integrated with the POI device s IP stack and any OP services in accrdance with the POI device vendr's security guidance, including the fllwing areas fr each platfrm cmpnent used by the POI as it relates t the applicatin s specific prcessing: Vulnerability assessment Cnfiguratin and updates Key management Data integrity and cnfidentiality Server authenticatin 2B c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide, the applicatin nly uses the IP stack included in the PCI-apprved POI device evaluatin. frm Applicatin Vendr Assessment 2B-2.2 The applicatin-develpment prcess includes secure integratin with any resurces shared with r between applicatins. 2B-2.2.a Review the POI device vendr's security guidance and the applicatin s Implementatin Guide required at 2C-3 f this dcument. Cnfirm that the applicatin s Implementatin Guide is in accrdance any applicable infrmatin in the POI device vendr's security guidance, and includes the fllwing: A list f shared resurces A descriptin f hw the applicatin cnnects t and/r uses shared resurces Instructins fr hw the applicatin shuld be cnfigured t ensure secure integratin with shared resurces Cpyright 2013 PCI Security Standards Cuncil LLC Page 21
25 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2B-2.2.b Perfrm a surce-cde review and verify that any cnnectin t r use f shared resurces is dne securely and in accrdance with the device vendr s security guidance. 2B-2.2.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t examine all utput created by the applicatin and verify that, by fllwing the Implementatin Guide, any cnnectins t r use f shared resurces are dne securely and in accrdance with the device vendr s security guidance. frm Applicatin Vendr Assessment 2B-2.3 Applicatins d nt bypass r render ineffective any applicatin segregatin that is enfrced by the POI. 2B-2.3 Perfrm a surce-cde review and verify that applicatins d nt bypass r render ineffective any applicatin segregatin which is enfrced by the POI, in accrdance with the device vendr s security guidance. 2B-2.4 Applicatins d nt bypass r render ineffective any OS hardening implemented by the POI. 2B-2.4 Perfrm a surce-cde review and verify that applicatins d nt bypass r render ineffective any OS hardening which is implemented by the POI, in accrdance with the device vendr s security guidance. 2B-2.5 Applicatins d nt bypass r render ineffective any encryptin r accunt-data security methds implemented by the POI. 2B-2.5 Perfrm a surce-cde review and verify that applicatins d nt bypass r render ineffective any encryptin r accunt-data security methds implemented by the POI, in accrdance with the device vendr s security guidance. 2B-3 The applicatin vendr uses secure prtcls, prvides guidance n their use, and has perfrmed integratin testing n the final applicatin. 2B-3.1 The applicatin develper s prcess includes full dcumentatin, and integratin testing f the applicatin and intended platfrms, including the fllwing: 2B-3.1 Thrugh bservatin and review f the applicatin develper s system develpment dcumentatin, cnfirm the applicatin develper s prcess includes full dcumentatin and integratin testing f the applicatin and intended platfrms, including the fllwing: Cpyright 2013 PCI Security Standards Cuncil LLC Page 22
26 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2B The applicatin develper prvides key-management security guidance describing hw keys and certificates have t be used. Examples f guidance include what SSL certificates t lad, hw t lad accunt-data keys (thrugh the firmware f the device), when t rll keys, etc., The applicatin des nt perfrm accunt-data encryptin since that is perfrmed nly in the firmware f the PCI-apprved POI device.) 2B Review the applicatin s Implementatin Guide required at 2C-3 f this dcument, and cnfirm it includes key-management security guidance fr slutin prviders, describing hw keys and certificates have t be used. 2B The applicatin develper has perfrmed final integratin testing n the device, which includes identificatin and crrectin f any residual vulnerabilities stemming frm the integratin with the vendr s platfrm. 2B Interview applicatin develpers t cnfirm that final integratin testing, which includes identificatin and crrectin f any residual vulnerabilities stemming frm the integratin with the vendr s platfrm, was perfrmed. 2B-4 Applicatins d nt implement any encryptin r key-management functins in lieu f SRED encryptin. All such functins are perfrmed by the apprved SRED firmware f the device. Nte: The applicatin may add, fr example, SSL encryptin t existing SRED encryptin, but cannt bypass r replace SRED encryptin. 2B-4.1 Applicatins d nt bypass r render ineffective any encryptin r key-management functins implemented by the apprved SRED functins f the device. At n time shuld clear-text keys r accunt data be passed thrugh an applicatin that has nt undergne SRED evaluatin. 2B-4.1.a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify the descriptin f the applicatin s functin includes the fllwing: Cnfirmatin that the applicatin des nt perfrm accunt-data encryptin, nr des it replace the device s SRED encryptin A descriptin f the purpse and encryptin methd fr any encryptin prvided by the applicatin in additin t SRED encryptin Instructins n hw t install the applicatin crrectly 2B-4.1.b Perfrm a surce-cde review t verify that the applicatin s encryptin and key-management functins utilize an apprved functin f the SRED device, and are nt implemented within the applicatin itself. Cpyright 2013 PCI Security Standards Cuncil LLC Page 23
27 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures 2B-4.1.c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide and cnfirm that, by fllwing the Implementatin Guide, the applicatin des nt perfrm accunt data encryptin that replaces the SRED encryptin perfrmed by the device. frm Applicatin Vendr Assessment 2C-1 New vulnerabilities are discvered and applicatins are tested fr thse vulnerabilities n an nging basis. 2C-1.1 Sftware develpers must establish and implement a prcess t identify and test their applicatins fr security vulnerabilities. 2C-1.1.a Obtain and examine prcesses t identify new vulnerabilities and test applicatins fr vulnerabilities that may affect the applicatin. Verify the prcesses include the fllwing: Using utside surces fr security vulnerability infrmatin Peridic testing f applicatins fr new vulnerabilities 2C-1.1.b Interview respnsible sftware vendr persnnel t cnfirm the fllwing: New vulnerabilities are identified using utside surces f security vulnerability infrmatin. All applicatins are tested fr vulnerabilities. 2C-1.2 Sftware vendrs must establish and implement a prcess t develp and deply critical security updates t address discvered security vulnerabilities in a timely manner. Nte: A critical security update is ne that addresses an imminent risk t accunt data. 2C-1.2.a Obtain and examine prcesses t develp and deply applicatin security upgrades. Verify that prcesses include the timely develpment and deplyment f critical security updates t custmers. 2C-1.2.b Interview respnsible sftware-vendr persnnel t cnfirm that applicatin security updates are develped and critical security updates are deplyed in a timely manner. Cpyright 2013 PCI Security Standards Cuncil LLC Page 24
28 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2C-2 Applicatins are installed and updates are implemented nly via trusted, signed, authenticated prcesses using an apprved security prtcl evaluated fr the PCIapprved POI device. 2C-2.1 Ensure that all applicatin installatins and updates are authenticated as fllws: 2C-2.1 T cnfirm that all applicatin installatins and updates are authenticated, verify the fllwing: 2C All applicatin installatins and updates nly use an apprved security prtcl f the POI. 2C a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify that it includes the fllwing: A descriptin f hw the applicatin uses the apprved security prtcl f the POI fr any applicatin installatins and updates Instructins fr hw t use the apprved security prtcl t perfrm applicatin installatins and updates A statement that applicatin installatins and updates cannt ccur except by using the apprved security prtcl f the POI 2C b Perfrm a surce-cde review t verify that the applicatin nly allws installatins and updates using the apprved security prtcl f the POI. 2C c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t verify that, by fllwing the Implementatin Guide, the applicatin nly allws installatins and updates using the apprved security prtcl f the POI. 2C d After the applicatin is installed and cnfigured in accrdance with the Implementatin Guide, attempt t perfrm an installatin and an update using nn-apprved security prtcl, and verify that the applicatin will nt allw the installatin r update t ccur. Cpyright 2013 PCI Security Standards Cuncil LLC Page 25
29 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2C Unauthenticated changes are nt allwed (fr example, all changes t cde that manages whitelists must be authenticated). 2C a Examine the applicatin s Implementatin Guide required at 2C-3 f this dcument and verify that it includes the fllwing: A descriptin f hw the applicatin prevents unauthenticated changes r updates A statement that unauthenticated changes r updates t applicatins r applicatins functins (like whitelists ) are nt allwed 2C b Perfrm a surce-cde review t verify that the applicatin des nt allw unauthenticated changes r updates. 2C c Install and cnfigure the applicatin accrding t the applicatin vendr s dcumentatin, including the applicatin s Implementatin Guide. Use frensic tls and/r methds (cmmercial tls, scripts, etc.) t verify that, by fllwing the Implementatin Guide, the applicatin des nt allw unauthenticated changes r updates. 2C d After the applicatin is installed and cnfigured in accrdance with the Implementatin Guide, attempt t add an unauthenticated whitelist and verify that the applicatin will nt allw the update t ccur. 2C The applicatin develper includes guidance fr whever signs the applicatin (including fr whitelists), including requirements fr dual cntrl ver the applicatin-signing prcess. 2C Examine the applicatin s Implementatin Guide required at 2C- 3 f this dcument and verify that it includes the fllwing: Instructins fr hw t sign the applicatin (including whitelists ) Instructins hw t implement the dual cntrl fr the applicatinsigning prcess A statement that all applicatins must be signed via the instructins prvided in the Implementatin Guide. Cpyright 2013 PCI Security Standards Cuncil LLC Page 26
30 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2C-3 Maintain instructinal dcumentatin and training prgrams fr the applicatin s installatin, maintenance/upgrades, and use. 2C-3.1 The prcess t develp, maintain, and disseminate an Implementatin Guide fr the applicatin s installatin, maintenance, upgrades and general use includes the fllwing: 2C-3.1 Examine the Implementatin Guide and related prcesses, and verify the guide is disseminated t all relevant applicatin installers and users (including custmers, resellers, and integratrs). 2C Addresses all requirements in P2PE Dmain 2 wherever the Implementatin Guide is referenced. 2C Verify the Implementatin Guide cvers all related requirements in P2PE Dmain 2. 2C Review f the Implementatin Guide at least annually and upn changes t the applicatin r the P2PE Dmain 2 requirements, and update as needed t keep the dcumentatin current with: Any changes t the applicatin (fr example, device changes/upgrades and majr and minr sftware changes). Any changes t the Implementatin Guide requirements in this dcument. 2C a Verify the Implementatin Guide is reviewed at least annually and upn changes t the applicatin r the P2PE Dmain 2 requirements. 2C b Verify the Implementatin Guide is updated as needed t keep the dcumentatin current with: Any changes t the applicatin (fr example, device changes/upgrades and majr and minr sftware changes). Any changes t the Implementatin Guide requirements in this dcument. 2C Distributin t all new and existing applicatin installers (fr example, slutin prviders, integratr/resellers, etc.), and re-distributin t all existing applicatin installers every time the guide is updated. 2C Verify the Implementatin Guide is distributed t new applicatin installers, and re-distributed t all applicatin installers every time the guide is updated. Cpyright 2013 PCI Security Standards Cuncil LLC Page 27
31 P2PE Dmain 2 Requirements and Applicatin Vendr Testing Prcedures frm Applicatin Vendr Assessment 2C-3.2 Develp and implement training and cmmunicatin prgrams t ensure applicatin installers (fr example, slutin prviders r integratrs/resellers) knw hw t implement the applicatin accrding t the Implementatin Guide. 2C-3.2 Examine the training materials and cmmunicatin prgram, and cnfirm the materials cver all items nted fr the Implementatin Guide thrughut P2PE Dmain 2. 2C Review the training materials fr applicatin installers n an annual basis and whenever new applicatin versins are released. Updated as needed t ensure materials are current with the Implementatin Guide. 2C Examine the training materials fr resellers and integratrs and verify the materials are reviewed n an annual basis and when new applicatin versins are released, and updated as needed. Cpyright 2013 PCI Security Standards Cuncil LLC Page 28
VMware AirWatch Certificate Authentication for Cisco IPSec VPN
VMware AirWatch Certificate Authenticatin fr Cisc IPSec VPN Fr VMware AirWatch Have dcumentatin feedback? Submit a Dcumentatin Feedback supprt ticket using the Supprt Wizard n supprt.air-watch.cm. This
More informationPlease contact technical support if you have questions about the directory that your organization uses for user management.
Overview ACTIVE DATA CALENDAR LDAP/AD IMPLEMENTATION GUIDE Active Data Calendar allws fr the use f single authenticatin fr users lgging int the administrative area f the applicatin thrugh LDAP/AD. LDAP
More informationOmniPCX Record PCI Compliance 2.3
S T R A T E G I C W H I T E P A P E R OmniPCX Recrd PCI Cmpliance 2.3 Alcatel-Lucent Enterprise Services Page 1/11 OmniPCX-Recrd R2.3 PCI Cmpliance White Paper Legal ntice Alcatel, Lucent, Alcatel-Lucent
More informationDate: October User guide. Integration through ONVIF driver. Partner Self-test. Prepared By: Devices & Integrations Team, Milestone Systems
Date: Octber 2018 User guide Integratin thrugh ONVIF driver. Prepared By: Devices & Integratins Team, Milestne Systems 2 Welcme t the User Guide fr Online Test Tl The aim f this dcument is t prvide guidance
More informationWELMEC Guide on evaluation of Purely Digital Parts
WELMEC 10.10 2016 Guide n evaluatin f Purely Digital Parts WELMEC is a cperatin between the legal metrlgy authrities f the Member States f the Eurpean Unin and EFTA. This dcument is ne f a number f Guides
More informationHP Server Virtualization Solution Planning & Design
Cnsulting & Integratin Infrastructure Services HP Server Virtualizatin Slutin Planning & Design Service descriptin Hewlett-Packard Cnsulting & Integratin Infrastructure Cnsulting Packaged Services (HP
More informationRapid Implementation Package
Implementatin Package Implementatin 1 Purpse The purpse f this dcument is t detail thse services BuildingPint NrthEast ( BPNE ) will prvide as part f the Prlg Rapid Implementatin Package. This package
More informationAdmin Report Kit for Exchange Server
Admin Reprt Kit fr Exchange Server Reprting tl fr Micrsft Exchange Server Prduct Overview Admin Reprt Kit fr Exchange Server (ARKES) is an Exchange Server Management and Reprting slutin that addresses
More informationClassFlow Administrator User Guide
ClassFlw Administratr User Guide ClassFlw User Engagement Team April 2017 www.classflw.cm 1 Cntents Overview... 3 User Management... 3 Manual Entry via the User Management Page... 4 Creating Individual
More informationSAS Viya 3.2 Administration: Mobile Devices
SAS Viya 3.2 Administratin: Mbile Devices Mbile Devices: Overview As an administratr, yu can manage a device s access t SAS Mbile BI, either by exclusin r inclusin. If yu manage by exclusin, all devices
More informationStock Affiliate API workflow
Adbe Stck Stck Affiliate API wrkflw The purpse f this dcument is t illustrate the verall prcess and technical wrkflw fr Adbe Stck partners wh want t integrate the Adbe Stck Search API int their applicatins.
More informationUpdate: Users are updated when their information changes (examples: Job Title or Department). o
Learn Basic User Integratin Batch File Prcessing The Learn Basic User Integratin is designed t manage the rganizatinal changes cmpanies are challenged with n a daily basis. Withut a basic type f integratin,
More informationBlackBerry Server Installation and Upgrade Service
Server and Upgrade Service Prgram Descriptin ( Install and Upgrade Service Prgram Descriptin ) NOTE: This dcument includes all attached Annexes, is prvided fr infrmatinal purpses nly, and des nt cnstitute
More informationTPP: Date: October, 2012 Product: ShoreTel PathSolutions System version: ShoreTel 13.x
I n n v a t i n N e t w r k A p p N t e TPP: 10320 Date: Octber, 2012 Prduct: ShreTel PathSlutins System versin: ShreTel 13.x Abstract PathSlutins sftware can find the rt-cause f vice quality prblems in
More informationPatch Management Policy
Patch Management Plicy (Versin 1) Dcument Cntrl Infrmatin: Date: 21/5/18 Master Tracking Name Patch Management Plicy Master Tracking Reference Owning Service / Department Exeter IT Issue: 1 Apprvals: Authrs:
More informationCodeSlice. o Software Requirements. o Features. View CodeSlice Live Documentation
CdeSlice View CdeSlice Live Dcumentatin Scripting is ne f the mst pwerful extensibility features in SSIS, allwing develpers the ability t extend the native functinality within SSIS t accmmdate their specific
More informationDynamic Storage (ECS)
User Guide Dynamic Strage (ECS) Swisscm (Schweiz) AG 1 / 10 Cntent 1 Abut Dynamic Strage... 3 2 Virtual drive, the EMC CIFS-ECS Tl... 4 3 Amazn S3 Brwer... 6 4 Strage Gateway Appliance... 9 5 Amazn S3
More informationHP Universal CMDB. Software Version: Backup and Recovery Guide
HP Universal CMDB Sftware Versin: 10.21 Backup and Recvery Guide Dcument Release Date: July 2015 Sftware Release Date: July 2015 Backup and Recvery Guide Legal Ntices Warranty The nly warranties fr HP
More informationUniversal CMDB. Software Version: Backup and Recovery Guide
Universal CMDB Sftware Versin: 10.32 Backup and Recvery Guide Dcument Release Date: April 2017 Sftware Release Date: April 2017 Backup and Recvery Guide Legal Ntices Warranty The nly warranties fr Hewlett
More informationUPGRADING TO DISCOVERY 2005
Centennial Discvery 2005 Why Shuld I Upgrade? Discvery 2005 is the culminatin f ver 18 mnths wrth f research and develpment and represents a substantial leap frward in audit and decisin-supprt technlgy.
More informationRelease Notes Version: - v18.13 For ClickSoftware StreetSmart September 22, 2018
Release Ntes Versin: - v18.13 Fr ClickSftware StreetSmart September 22, 2018 Cpyright Ntice Cpyright 2018 ClickSftware Technlgies Ltd. All rights reserved. N part f this publicatin may be cpied withut
More informationDELL EMC VxRAIL vcenter SERVER PLANNING GUIDE
WHITE PAPER - DELL EMC VxRAIL vcenter SERVER PLANNING GUIDE ABSTRACT This planning guide discusses guidance fr the varius vcenter Server deplyment ptins supprted n VxRail Appliances. Nvember 2017 TABLE
More informationOracle Health Sciences. InForm Trial Capacity Cloud Service Service Descriptions and Metrics
Oracle Health Sciences InFrm Trial Capacity Clud Service Service Descriptins and Metrics June 29, 2018 Table f Cntents Metric Definitins... 2 Custmer... 2 Glssary... 2 Trial... 2 InFrm Trial Capacity Services
More informationDemand Forecasting. For. Microsoft Dynamics 365 for Operations. Technical Guide. Release 7.1. December 2017
Demand Frecasting Fr Micrsft Dynamics 365 fr Operatins Technical Guide Release 7.1 December 2017 2017 Farsight Slutins Limited All Rights Reserved. Prtins cpyright Business Frecast Systems, Inc. This dcument
More informationLiveEngage and Microsoft Dynamics Integration Guide Document Version: 1.0 September 2017
LiveEngage and Micrsft Dynamics Integratin Guide Dcument Versin: 1.0 September 2017 Cntents Intrductin... 3 Step 1: Sign Up... 3 CRM Widget Signing Up... 3 Step 2: Cnfiguring the CRM Widget... 4 Accessing
More informationTown of Warner, New Hampshire Information Security Policy
Twn f Warner, New Hampshire Infrmatin Security Plicy Date Adpted: Bard f Selectmen David E. Hartman David Karrick, Jr. Clyde Carsn Table f Cntents Table f Cntents 1 Intrductin 2 Ethics and Acceptable Use
More informationOASIS SUBMISSIONS FOR FLORIDA: SYSTEM FUNCTIONS
OASIS SUBMISSIONS FOR FLORIDA: SYSTEM FUNCTIONS OASIS SYSTEM FUNCTIONS... 2 ESTABLISHING THE COMMUNICATION CONNECTION... 2 ACCESSING THE OASIS SYSTEM... 3 SUBMITTING OASIS DATA FILES... 5 OASIS INITIAL
More informationManaging User Accounts
A variety f user types are available in Lighthuse Transactin Manager (LTM) with cnfigurable permissins that allw the Accunt Administratr and administratr-type users fr the accunt t manage the abilities
More informationROCK-POND REPORTING 2.1
ROCK-POND REPORTING 2.1 AUTO-SCHEDULER USER GUIDE Revised n 08/19/2014 OVERVIEW The purpse f this dcument is t describe the prcess in which t fllw t setup the Rck-Pnd Reprting prduct s that users can schedule
More informationIntegrating QuickBooks with TimePro
Integrating QuickBks with TimePr With TimePr s QuickBks Integratin Mdule, yu can imprt and exprt data between TimePr and QuickBks. Imprting Data frm QuickBks The TimePr QuickBks Imprt Facility allws data
More informationE-Lock Policy Manager White Paper
White Paper Table f Cntents 1 INTRODUCTION... 3 2 ABOUT THE POLICY MANAGER... 3 3 HOW E-LOCK POLICY MANAGER WORKS... 3 4 WHAT CAN I DO WITH THE POLICY MANAGER?... 4 4.1 THINGS YOU CONTROL IN SIGNING...
More informationInfrastructure Series
Infrastructure Series TechDc WebSphere Message Brker / IBM Integratin Bus Parallel Prcessing (Aggregatin) (Message Flw Develpment) February 2015 Authr(s): - IBM Message Brker - Develpment Parallel Prcessing
More informationOracle CPQ Cloud Release 1. New Feature Summary
Oracle CPQ Clud 2017 Release 1 New Feature Summary April 2017 1 TABLE OF CONTENTS REVISION HISTORY... 3 ORACLE CPQ CLOUD... 4 MODERN SELLING EXPERIENCE... 4 Deal Negtiatin... 4 REST API Services... 4 ENTERPRISE
More informationSERVICE LEVEL AGREEMENT. Mission: Certificates Management
SERVICE LEVEL AGREEMENT BSM: This SLA is cvered by BSM s fr Infrastructure, Supprt and Prjects This SLA is a cmplement t the Master Service Agreement V5.0 as described in art 2.2 (MSA) Missin: Certificates
More informationINSTALLING CCRQINVOICE
INSTALLING CCRQINVOICE Thank yu fr selecting CCRQInvice. This dcument prvides a quick review f hw t install CCRQInvice. Detailed instructins can be fund in the prgram manual. While this may seem like a
More informationCustomer Information. Agilent 2100 Bioanalyzer System Startup Service G2949CA - Checklist
This checklist is used t prvide guidance and clarificatin n aspects f the auxillary Startup Service (G2949CA) including Security Pack Installatin and Familiarizatin f yur Agilent 2100 Bianalyzer System
More informationRISKMAN REFERENCE GUIDE TO USER MANAGEMENT (Non-Network Logins)
Intrductin This reference guide is aimed at managers wh will be respnsible fr managing users within RiskMan where RiskMan is nt cnfigured t use netwrk lgins. This guide is used in cnjunctin with the respective
More informationCisco Tetration Analytics, Release , Release Notes
Cisc Tetratin Analytics, Release 1.102.21, Release Ntes This dcument describes the features, caveats, and limitatins fr the Cisc Tetratin Analytics sftware. Additinal prduct Release ntes are smetimes updated
More informationAvaya Oceanalytics Insights for Elite Release Notes Issue 1.0 November 30, 2017
Avaya Oceanalytics Insights fr Elite 3.3.0.0 Issue 1.0 Nvember 30, 2017 TABLE OF CONTENTS 1. PURPOSE... 3 2. AVAYA OCEANALYTICS ELITE 3.3.0.0 RELEASE... 3 2.1 NEW INSTALL... 4 2.2 NEW IN AVAYA OCEANALYTICS
More informationYour New Service Request Process: Technical Support Reference Guide for Cisco Customer Journey Platform
Supprt Guide Yur New Service Request Prcess: Technical Supprt Reference Guide fr Cisc Custmer Jurney Platfrm September 2018 2018 Cisc and/r its affiliates. All rights reserved. This dcument is Cisc Public
More information1 Getting and Extracting the Upgrader
Hughes BGAN-X 9202 Upgrader User Guide (Mac) Rev 1.0 (23-Feb-12) This dcument explains hw t use the Hughes BGAN Upgrader prgram fr the 9202 User Terminal using a Mac Nte: Mac OS X Versin 10.4 r newer is
More informationUploading Files with Multiple Loans
Uplading Files with Multiple Lans Descriptin & Purpse Reprting Methds References Per the MHA Handbk, servicers are required t prvide peridic lan level data fr activity related t the Making Hme Affrdable
More informationTechnical Paper. Installing and Configuring SAS Environment Manager in a SAS Grid Environment
Technical Paper Installing and Cnfiguring SAS Envirnment Manager in a SAS Grid Envirnment Last Mdified: Octber 2016 Release Infrmatin Cntent Versin: Octber 2016. Trademarks and Patents SAS Institute Inc.,
More informationService Description: Advanced Services Fixed Price
Page 1 f 6 Service Descriptin: Advanced Services Fixed Price Cisc WLAN Advise and Implement Services Fixed (ASF-CORE-WLAN) This dcument describes Advanced Services Fixed Price: Cisc WLAN Advise and Implement
More informationTechnical Paper. Installing and Configuring SAS Environment Manager in a SAS Grid Environment with a Shared Configuration Directory
Technical Paper Installing and Cnfiguring Envirnment Manager in a Grid Envirnment with a Shared Cnfiguratin Directry Last Mdified: January 2018 Release Infrmatin Cntent Versin: January 2018. Trademarks
More informationAdverse Action Letters
Adverse Actin Letters Setup and Usage Instructins The FRS Adverse Actin Letter mdule was designed t prvide yu with a very elabrate and sphisticated slutin t help autmate and handle all f yur Adverse Actin
More informationOverview of Data Furnisher Batch Processing
Overview f Data Furnisher Batch Prcessing Nvember 2018 Page 1 f 9 Table f Cntents 1. Purpse... 3 2. Overview... 3 3. Batch Interface Implementatin Variatins... 4 4. Batch Interface Implementatin Stages...
More informationCSC IT practix Recommendations
CSC IT practix Recmmendatins CSC Healthcare 17 th June 2015 Versin 3.1 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins
More informationGetting Started with the SDAccel Environment on Nimbix Cloud
Getting Started with the SDAccel Envirnment n Nimbix Clud Revisin Histry The fllwing table shws the revisin histry fr this dcument. Date Versin Changes 09/17/2018 201809 Updated figures thrughut Updated
More informationGUIDELINES TUE ENQUIRIES
Wrld Anti-Dping Prgram GUIDELINES TUE ENQUIRIES BY ACCREDITED LABORATORIES Versin 2.0 June 2018 Objective The fllwing guideline is the result f cntinuing effrts t harmnize Labratry reprting prcedures based
More informationManaging Your Access To The Open Banking Directory How To Guide
Managing Yur Access T The Open Banking Directry Hw T Guide Date: June 2018 Versin: v2.0 Classificatin: PUBLIC OPEN BANKING LIMITED 2018 Page 1 f 32 Cntents 1. Intrductin 3 2. Signing Up 4 3. Lgging In
More informationTIBCO Statistica Options Configuration
TIBCO Statistica Optins Cnfiguratin Sftware Release 13.3 June 2017 Tw-Secnd Advantage Imprtant Infrmatin SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO
More informationIHIS Research Access Request Guidelines
Eservices: https://sumc.service-nw.cm/ 1. FOR NEWLY HIRED EMPLOYEES: Use On-barding Services & On-Barding Guide Frm Please Nte the fields required fr Research IHIS access are the same as thse utlined in
More informationThe screenshots/advice are based on upgrading Controller 10.1 RTM to 10.1 IF6 on Win2003
Overview The screenshts/advice are based n upgrading Cntrller 10.1 RTM t 10.1 IF6 n Win2003 Other Interim Fix (IF) upgrades are likely t be similar, but the authr cannt guarantee that the dcumentatin is
More informationUpgrade Guide. Medtech Evolution General Practice. Version 1.9 Build (March 2018)
Upgrade Guide Medtech Evlutin General Practice Versin 1.9 Build 1.9.0.312 (March 2018) These instructins cntain imprtant infrmatin fr all Medtech Evlutin users and IT Supprt persnnel. We suggest that these
More informationNiceLabel LMS. Installation Guide for Single Server Deployment. Rev-1702 NiceLabel
NiceLabel LMS Installatin Guide fr Single Server Deplyment Rev-1702 NiceLabel 2017. www.nicelabel.cm 1 Cntents 1 Cntents 2 2 Architecture 3 2.1 Server Cmpnents and Rles 3 2.2 Client Cmpnents 3 3 Prerequisites
More informationManual for installation and usage of the module Secure-Connect
Mdule Secure-Cnnect Manual fr installatin and usage f the mdule Secure-Cnnect Page 1 / 1 5 Table f Cntents 1)Cntents f the package...3 2)Features f the mdule...4 3)Installatin f the mdule...5 Step 1: Installatin
More informationCookbook Qermid Defibrillator web service Version This document is provided to you free of charge by the. ehealth platform
Ckbk Qermid Defibrillatr web service Versin 1.01 This dcument is prvided t yu free f charge by the ehealth platfrm Willebrekkaai 38 38, Quai de Willebrek 1000 BRUSSELS All are free t circulate this dcument
More informationCase Metrics Guide. January 11, 2019 Version For the most recent version of this document, visit our documentation website.
Case Metrics Guide January 11, 2019 Versin 9.6.202.10 Fr the mst recent versin f this dcument, visit ur dcumentatin website. Table f Cntents 1 Case Metrics 3 1.1 Case Metrics Cmpatibility Matrix 3 1.2
More information1 Getting and Extracting the Upgrader
Hughes BGAN-X 9211 Upgrader User Guide (Mac) Rev 1.2 (6-Jul-17) This dcument explains hw t use the Hughes BGAN Upgrader prgram fr the 9211 User Terminal using a Mac Nte: Mac OS X Versin 10.4 r newer is
More informationSOLA and Lifecycle Manager Integration Guide
SOLA and Lifecycle Manager Integratin Guide SOLA and Lifecycle Manager Integratin Guide Versin: 7.0 July, 2015 Cpyright Cpyright 2015 Akana, Inc. All rights reserved. Trademarks All prduct and cmpany names
More informationADSS Server Evaluation Quick Guide
ADSS Server Evaluatin Quick Guide This dcument aims t prvide a quick d this and it wrks guide t evaluating ADSS Enterprise Server as a PDF Signing Server bth fr server-side signing and als fr client-side
More informationTRAINING GUIDE. Overview of Lucity Spatial
TRAINING GUIDE Overview f Lucity Spatial Overview f Lucity Spatial In this sessin, we ll cver the key cmpnents f Lucity Spatial. Table f Cntents Lucity Spatial... 2 Requirements... 2 Setup... 3 Assign
More informationInForm On Demand Enterprise Services Description
InFrm On Demand Enterprise Services Descriptin Versin 7.5 Effective Date: 14-December-2017 This is the InFrm On Demand Enterprise Services Descriptin ( Schedule ) t Yur Study Order fr Oracle InFrm On Demand
More informationElement Creator for Enterprise Architect
Element Creatr User Guide Element Creatr fr Enterprise Architect Element Creatr fr Enterprise Architect... 1 Disclaimer... 2 Dependencies... 2 Overview... 2 Limitatins... 3 Installatin... 4 Verifying the
More informationInstallation and Getting Started
Eurstat Data Transmissin Tls & Services EDAMIS Web Applicatin v3.1 Installatin and Getting Started TABLE OF CONTENTS: 1 Intrductin... 2 2 Installatin... 2 2.1 Prerequisites... 2 2.2 EWA installatin...
More informationEMV. Terminal Type Approval Contactless Product. Administrative Process. Version 2.6 February 2017
EMV Terminal Type Apprval Cntactless Prduct Administrative Prcess Versin 2.6 February 2017 Legal Ntice Page i / v Legal Ntice This dcument summarizes EMVC s present plans fr evaluatin services and related
More informationOO Shell for Authoring (OOSHA) User Guide
Operatins Orchestratin Sftware Versin: 10.70 Windws and Linux Operating Systems OO Shell fr Authring (OOSHA) User Guide Dcument Release Date: Nvember 2016 Sftware Release Date: Nvember 2016 Legal Ntices
More informationInForm On Demand Single Trial Services Description
InFrm On Demand Single Trial Services Descriptin Versin 7.5 Effective Date: 14-December-2017 This is the Services Descriptin fr Oracle InFrm On Demand Single Trial ( Schedule ) t Yur Study Order fr Oracle
More informationHPE LoadRunner Best Practices Series. LoadRunner Upgrade Best Practices
HPE LadRunner Best Practices Series LadRunner 12.50 Upgrade Best Practices Dcument publicatin date: Nvember 2015 Cntents 1. Intrductin... 3 Overview... 3 Audience... 3 2. Preparatin... 3 Backup assets...
More informationOATS Registration and User Entitlement Guide
OATS Registratin and User Entitlement Guide The OATS Registratin and Entitlement Guide prvides the fllwing infrmatin: OATS Registratin The prcess and dcumentatin required fr a firm r Service Prvider t
More informationAdditional License Authorizations
Additinal License Authrizatins Fr HPE CMS SIM Management sftware prducts Prducts and suites cvered PRODUCTS E-LTU OR E-MEDIA AVAILABLE * NON-PRODUCTION USE OPTION HPE Dynamic SIM Prvisining Yes Yes HPE
More informationFile Share Navigator Online
File Share Navigatr Online User Guide Service Pack 7 Issued September 2017 Table f Cntents What s New in this Guide... 4 Abut File Share Navigatr Online... 5 Cmpnents f File Share Navigatr Online... 5
More informationApp Center User Experience Guidelines for Apps for Me
App Center User Experience Guidelines fr Apps fr Me TABLE OF CONTENTS A WORD ON ACCESSIBILITY...3 DESIGN GUIDELINES...3 Accunt Linking Prcess... 3 Cnnect... 5 Accept Terms... 6 Landing Page... 6 Verificatin...
More informationForcepoint UEBA Management of Personal Data
Frcepint UEBA Management f Persnal Data 2018 Frcepint LLC. All Rights Reserved Dcument Classificatin: Public FPWSCMPD-2018MAY24 Frcepint UEBA Management f Persnal Data CONTENTS Disclaimer... 2 General...
More informationImplementing a Data Warehouse with Microsoft SQL Server
Implementing a Data Warehuse with Micrsft SQL Server Implementing a Data Warehuse with Micrsft SQL Server Curse Cde: 20463 Certificatin Exam: 70-463 Duratin: 5 Days Certificatin Track: MCSA: SQL Server
More informationUpgrade Guide. Medtech Evolution Specialist. Version 1.11 Build (October 2018)
Upgrade Guide Medtech Evlutin Specialist Versin 1.11 Build 1.11.0.4 (Octber 2018) These instructins cntain imprtant infrmatin fr all Medtech Evlutin users and IT Supprt persnnel. We suggest that these
More informationThe Reporting Tool. An Overview of HHAeXchange s Reporting Tool
HHAeXchange The Reprting Tl An Overview f HHAeXchange s Reprting Tl Cpyright 2017 Hmecare Sftware Slutins, LLC One Curt Square 44th Flr Lng Island City, NY 11101 Phne: (718) 407-4633 Fax: (718) 679-9273
More informationD e v e l o p e r s G u i d e
A D S S A u t h r i s e d R e m t e S i g n i n g ( A R S ) D e v e l p e r s G u i d e A S C E R T I A LTD S E P T E M B E R 2 0 1 8 D c u m e n t V e r s i n - 5. 9. 0. 1 Ascertia Limited. All rights
More informationKaltura MediaSpace Installation and Upgrade Guide. Version: 5.0
Kaltura MediaSpace Installatin and Upgrade Guide Versin: 5.0 Kaltura Business Headquarters 5 Unin Square West, Suite 602, New Yrk, NY, 10003, USA Tel.: +1 800 871 5224 Cpyright 2013 Kaltura Inc. All Rights
More informationPrivacy Policy. Information We Collect. Information You Choose to Give Us. Information We Get When You Use Our Services
Privacy Plicy Last Mdified: September 26, 2016 Pictry is a fast and fun way t share memes with yur friends and the wrld arund yu. Yu can send a Pictry game t friends and view the pictures they submit in
More informationService Level Agreement
Service Level Agreement Infrastructure Supprt Service This Infrastructure Supprt Service Level Agreement ( SLA ) is incrprated int the Qute executed by TekLinks and Custmer fr Infrastructure Supprt Services
More informationContents: Module. Objectives. Lesson 1: Lesson 2: appropriately. As benefit of good. with almost any planning. it places on the.
1 f 22 26/09/2016 15:58 Mdule Cnsideratins Cntents: Lessn 1: Lessn 2: Mdule Befre yu start with almst any planning. apprpriately. As benefit f gd T appreciate architecture. it places n the understanding
More informationSummary. Server environment: Subversion 1.4.6
Surce Management Tl Server Envirnment Operatin Summary In the e- gvernment standard framewrk, Subversin, an pen surce, is used as the surce management tl fr develpment envirnment. Subversin (SVN, versin
More informationCustomer Upgrade Checklist
Custmer Upgrade Checklist Getting Ready fr Yur Sabre Prfiles Upgrade Kicking Off the Prject Create a prfiles prject team within yur agency. Cnsider including peple wh can represent bth the business and
More informationAnnouncing Veco AuditMate from Eurolink Technology Ltd
Vec AuditMate Annuncing Vec AuditMate frm Eurlink Technlgy Ltd Recrd any data changes t any SQL Server database frm any applicatin Database audit trails (recrding changes t data) are ften a requirement
More informationInvestor Services Online Quick Reference Guide FTP Delivery
The File Transfer Prtcl (FTP) feature f Investr Services Online enables yu t autmatically transmit any reprt frm Investr Services Online n t yur cmpany s FTP servers thrugh a secure methd f cmmunicatin
More informationCustomers should provide all necessary operating supplies upon request of the engineer.
Intuv 9000 GC Installatin Checklist Thank yu fr purchasing an Agilent Instrument slutin. This checklist is used by the installing engineer t ensure that the instrument and assciated systems are crrectly
More informationVMware AirWatch SDK Plugin for Apache Cordova Instructions Add AirWatch Functionality to Enterprise Applicataions with SDK Plugins
VMware AirWatch SDK Plugin fr Apache Crdva Instructins Add AirWatch Functinality t Enterprise Applicatains with SDK Plugins v1.2 Have dcumentatin feedback? Submit a Dcumentatin Feedback supprt ticket using
More informationEnterprise Chat and Developer s Guide to Web Service APIs for Chat, Release 11.6(1)
Enterprise Chat and Email Develper s Guide t Web Service APIs fr Chat, Release 11.6(1) Fr Unified Cntact Center Enterprise August 2017 Americas Headquarters Cisc Systems, Inc. 170 West Tasman Drive San
More informationEView/400i Management Pack for Systems Center Operations Manager (SCOM)
EView/400i Management Pack fr Systems Center Operatins Manager (SCOM) Cncepts Guide Versin 7.0 July 2015 1 Legal Ntices Warranty EView Technlgy makes n warranty f any kind with regard t this manual, including,
More informationCustodial Integrator. Release Notes. Version 3.11 (TLM)
Custdial Integratr Release Ntes Versin 3.11 (TLM) 2018 Mrningstar. All Rights Reserved. Custdial Integratr Prduct Versin: V3.11.001 Dcument Versin: 020 Dcument Issue Date: December 14, 2018 Technical Supprt:
More informationGroup Policy Manager Quick start Guide
Grup Plicy Manager Quick start Guide Sftware versin 4.0.0.0 General Infrmatin: inf@cinsystems.cm Online Supprt: supprt@cinsystems.cm Cpyright CinSystems Inc., All Rights Reserved Page 1 CinSystems Inc.
More informationCONTROL-COMMAND. Software Technical Specifications for ThomX Suppliers 1.INTRODUCTION TECHNICAL REQUIREMENTS... 2
Réf. ThmX-NT-SI-CC001 Table f Cntents Sftware Technical Specificatins fr ThmX Authr : Philippe Page 1 / 9 1.INTRODUCTION... 2 2.TECHNICAL REQUIREMENTS... 2 3.DOCUMENTATION REQUIREMENTS... 4 4.COMPUTING
More informationSoftware Usage Policy Template
Sftware Usage Plicy Template This template is t accmpany the article: The Sftware Usage Plicy - An Indispensible Part f Yu SAM Tlbx The full article can be fund here: http://www.itassetmanagement.net/tag/plicy-template/
More informationHigh Security SaaS Concept Software as a Service (SaaS) for Life Science
Sftware as a Service (SaaS) fr Life Science Cpyright Cunesft GmbH Cntents Intrductin... 3 Data Security and Islatin in the Clud... 3 Strage System Security and Islatin... 3 Database Security and Islatin...
More informationBMC Remedyforce Integration with Remote Support
BMC Remedyfrce Integratin with Remte Supprt 2003-2018 BeyndTrust, Inc. All Rights Reserved. BEYONDTRUST, its lg, and JUMP are trademarks f BeyndTrust, Inc. Other trademarks are the prperty f their respective
More informationXilinx Answer Xilinx PCI Express DMA Drivers and Software Guide
Xilinx Answer 65444 Xilinx PCI Express DMA Drivers and Sftware Guide Imprtant Nte: This dwnladable PDF f an Answer Recrd is prvided t enhance its usability and readability. It is imprtant t nte that Answer
More informationS4S Support Services. Audit4 version 14+ Aug Copyright 2017 S4S Pty Ltd. S4S Pty Ltd. Phone: Web:
S4S Pty Ltd ABN: 26 104 845 909 Phne: 1300 133 308 Web: http://www.s4s.cm.au Audit4 versin 14+ Aug 2018 Cpyright S4S Pty Ltd S4S Supprt prvides cmprehensive services s that yu can get the maximum benefit
More informationOracle FLEXCUBE Universal Banking Development Workbench- Screen Development II
Oracle FLEXCUBE Universal Banking 12.0.3 Develpment Wrkbench- Screen Develpment II August 2013 1 Cntents 1 Preface... 3 1.1 Audience... 3 1.2 Related Dcuments... 3 2 Intrductin... 4 3 Generated Files...
More information