We are in the process of implementing the Payment Card Industry Data
Security Standards and in an effort to cover everything and not be obliged
to look at each instance in a one-off we are curious how other sysplex
implementations were done. We would like to understand if we can approach
this as virtually a single system image with the appropriate obfuscation,
data and network access controls or if it gets more complicated than that.
We're running a single zOS sysplex that hosts all our workload and we'd
like to keep it that way. We've read the PCI-DSS standard documentation
and were impressed by how much they leave open to interpretation and we
have read the atsec doc on large system implementations.
What has been the experience of the people here? Thank you for your
help, maybe we can offer an idea or two of our own that might be useful.
Thomas Ambros
Operating Systems and Connectivity Engineering
518-436-6433
This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose such information for any purpose other than to provide the services for which you are receiving the information.
127 Public Square, Cleveland, OH 44114
If you prefer not to receive future e-mail offers for products or services from Key
send an e-mail to mailto:
DNERe...@key.com with 'No Promotional E-mails' in the
SUBJECT line.