Compliance Report
Good News Graphics
01-JUL-2005 21:02
Confidential Information
The following report contains confidential
information. Do not distribute, email, fax or
transfer via any electronic mechanism unless it
has been approved by your organization's
security policy. All copies and backups of this
document should be maintained on protected
storage at all times. Do not share any of the
information contained within this report with
anyone unless you confirm they are authorized to
view the information.
Disclaimer
This, or any other, vulnerability audit cannot
and does not guarantee security. ScanAlert makes
no warranty or claim of any kind, whatsoever,
about the accuracy or usefulness of any
information provided herein. By using this
information you agree that ScanAlert shall be
held harmless in any event. ScanAlert makes this
information available solely under its Terms of
Service Agreement published at www.scanalert.com.

Introduction to ScanAlert's PCI Compliance Audit Report
As a "Qualified Independent Scan Vendor"
ScanAlert is accredited by Visa, MasterCard,
American Express, Discover Card and JCB to
perform network security audits conforming to the
Payment Card Industry (PCI) Data Security
Standards.
To earn certification of PCI compliance, network
devices being audited must pass tests that probe
all of the known methods hackers use to access
private information, in addition to
vulnerabilities that would allow malicious
software (i.e. viruses and worms) to gain access
to or disrupt the network devices being tested.
This report was generated in the framework of
the SDP Program and took into consideration
security requirements as expressed in the
MasterCard Security Standard.
NOTE: In order to demonstrate compliance with
the PCI security standard requirements a
vulnerability scan must have been completed
within the past 90 days with no vulnerabilities
listed as URGENT, CRITICAL or HIGH (numerical
severity ranking of 3 or higher) present on any
device within this report.

ScanAlert's Certification of Regulatory Compliance
HACKER SAFE® sites are tested and certified daily by
ScanAlert to meet all U.S. Government
requirements for remote vulnerability testing as
set forth by the National Infrastructure
Protection Center (NIPC) and are accredited by
the SANS Institute to meet the requirements of
the SANS/FBI "Top Twenty Internet
Securities Vulnerabilities" test. They are
also certified to meet the security scanning
requirements of Visa USA's Cardholder
Information Security Program (CISP), Visa
International's Account Information Security (AIS)
program, MasterCard International's Site Data
Protection (SDP) program, American Express' CID
security program, the Discover Card Information
Security and Compliance (DISC) program within
the framework of the Payment Card Industry (PCI)
Data Security Standard.

Compliance Glossary

ScanAlert HACKER SAFE®
Signifies device, as of the date of this report, is
compliant with ScanAlert's HACKER SAFE
certification. Network devices certified as
HACKER SAFE are tested daily and certified to
pass all external vulnerability audit
recommendations of the Department of Homeland
Security's National Infrastructure Protection
Center (NIPC) and the requirements of the Payment
Card Industry Data Security Standard (PCI-DSS).
HACKER SAFE certification also meets the
requirements for network vulnerability audits of
the CHILDREN'S ONLINE PRIVACY PROTECTION ACT OF
1998, the HEALTH INSURANCE PORTABILITY AND
ACCOUNTABILITY ACT OF 1996 (HIPAA), the GRAMM-LEACH-BLILEY
ACT (GLBA) protecting financial information, and
the SARBANES-OXLEY ACT (SOX).

Payment Card Industry (PCI) Data Security Standard
Signifies device, as of the date of this report, is
compliant with the remote vulnerability audit
requirements of the Payment Card Industry Data
Security Standard (PCI-DSS), Visa USA's
Cardholder Information Security Program (CISP),
Visa International's Account Information
Security (AIS) program, MasterCard
International's Site Data Protection (SDP)
program, the American Express Data Security
Standards, and Discover Card's DISC program.

SANS / FBI Top 20
Signifies device, as of the date of this report, is free
of all vulnerabilities that can be remotely
scanned for as listed on the SANS/FBI Top Twenty
vulnerabilities list, and meets all US federal
government requirements for remote vulnerability
testing as set forth by the National
Infrastructure Protection Center (NIPC). The
SANS Institute has tested and accredited
ScanAlert's vulnerability audits to meet these
requirements. The SANS/FBI Top Twenty
vulnerabilities list is generally regarded as
the industry-wide benchmark for network
vulnerability assessment.

Report Overview
| Customer Name | Good News Graphics |
| Date Generated | 01-JUL-2005 21:02 |
| Report Type | Compliance |
| Devices | 1 |
| Device Groups | 0 |
| Vulnerabilities | 0 |

Report Contents
Compliance Glossary
PCI Security Scan
PCI Self-Assessment

PCI Security Scan Results
| Name | Scan Date | PCI Compliant |
|---|---|---|
| www.goodnewsgraphics.com | 28-JUN-2005 | Pass |

PCI Self-Assessment Results
| Questionnaire Pass / Fail | Pass - 100% |
| Questionnaire Completion Date | 29-JUN-2005 |