PCI Compliance

2.1 Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts.
2.2.1 Implement only one primary function per server.
2.2.2 Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform…


PCI Compliance

PCI Compliance & Server General

| Section | PCI DSS Requirement | Server General |
|---|---|---|
| 2.1 | Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts. | √ |
| 2.2.1 | Implement only one primary function per server. | √ |
| 2.2.2 | Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform… | |


HIPAA

HIPAA Security Rule Compliance with Server General

The HIPAA Security Rule requires health care organizations (covered entities and their business associates) to secure the protected health information (PHI) under their control at all times. The rule makes specific references to encryption, key management, access controls, risk management and auditing. The HITECH Act, on the other…


Elevating Users From Products to Customers – The GDPR Data Subject Empowerment Strategy

Elevating Users From Products to Customers – The GDPR Data Subject Empowerment

The purpose of the General Data Protection Regulation (GDPR) is to protect and strengthen the rights of data subjects/EU citizens. The law grants data subjects rights whereby the data controller, the entity that is collecting personal information, has to reveal the actual identity of…


Data Encryption, Think Twice

Enterprises Should Think Twice Before Using Their Cloud Provider’s Data-At-Rest Encryption

We live in a multi-cloud world. Managing data security across multiple public clouds can be challenging. There are three main reasons why enterprises should think twice before using the data-at-rest encryption solution offered by their cloud provider. If you envision moving from one cloud platform…


CONSENT UNDER THE GDPR

GDPR – How Not To Screw Up Consent?

The General Data Protection Regulation, or GDPR, replaces the Data Protection Directive (“Directive”), which has been in effect since 1995. The GDPR became law in April 2016, but organizations were given a two-year grace period to comply. The effective date for compliance is on May 25, 2018….


2018-Q2-Newsletter

GDPR Is Coming, Are You Ready?

The Server General team has presented two web seminars on the GDPR. This presentation will give you a quick overview of the new law with special focus on Articles 32 and 34.

Big News – A New Managed File Transfer Service

Organizations that need to transfer files across geographical…
