I was talking to a customer this week about NetScaler Application Firewall (AppFW) and why it is needed on top of their current network firewalls. That was an easy discussion: a WAF protects applications from SQL injection, XSS and similar attacks, while network firewalls focus their protection on Layer 2 or Layer 3. Then we also talked about making sure they are PCI DSS (Payment Card Industry Data Security Standard) compliant, since they store, process or transact with credit card data. They know very well that they have to be compliant, and that they need the reports to prove it, because I guess everyone in management at every level keeps reminding them of that fact!

The customer was very excited to see that NetScaler AppFW follows the PCI standard and actually produces a PCI DSS report that consists of a list of the PCI DSS criteria. PCI DSS, as you can see on Wikipedia, is an information security standard for organizations that handle cardholder data for the major credit, debit, prepaid, ATM and POS cards. The standard consists of twelve security criteria that most credit card companies require businesses accepting online payments via credit and debit cards to meet. These criteria were created to prevent identity theft, hacking and other types of fraud. If an internet service provider or online merchant does not meet the PCI DSS criteria, that ISP or merchant risks losing authorization to accept credit card payments via its web site. ISPs and online merchants prove that they comply with PCI DSS through an audit conducted by a PCI DSS Qualified Security Assessor (QSA) company.

The PCI DSS report is designed to assist them both before and during the audit. Before the audit, it shows which AppFW settings are relevant to PCI DSS, how they should be configured, and whether the customer's current AppFW configuration meets the standard, which is very important! During the audit, the report can be used to show compliance with the relevant PCI DSS criteria.
The PCI DSS report consists of a list of those PCI DSS criteria that are relevant to the AppFW configuration. Under each criterion, it lists the current configuration options, indicates whether the current configuration complies with that PCI DSS criterion, and explains how to configure the AppFW so that the customer's protected web site(s) will be in compliance with it.
The PCI DSS report is located in the NetScaler GUI under the System -> Reports menu. Here is a screen capture for reference, but all the details, and the same information given in this blog, can be found in the NetScaler Application Firewall guide. This post is just a reminder to all NetScaler customers that we do have this capability.