Group report pages

The Payment Card Industry Data Security Standard (PCI DSS) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the PCI DSS audit procedures. Using this report can save you hours of work when you need to prepare your annual or quarterly PCI DSS compliance report.

If AppViz is being used with a vulnerability scanner, this report can be configured to display the vulnerability of PCI applications. Requirement 6.1 specifies whether AppViz is being used and whether vulnerability scanner integration is enabled. If you configure the PCI zone and a vulnerability threshold in AFA, the requirement additionally specifies the servers in the PCI zone and the vulnerability assessment for all AppViz applications which intersect the PCI zone. For more details, see Configure the PCI zone.

PCI DSS v4.0 includes many new and revised requirements. It supports the use of different technologies, such as cloud, by introducing more flexibility to the wording of requirements.

The Sarbanes-Oxley Act (SOX) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the CobiT 5 control objectives and COSO components.

The ISO/IEC 27001 report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the ISO/IEC 27001:2022 International Standard "Information technology - Security techniques - Information security management systems - Requirements" and of the companion ISO/IEC 27002:2022 "Code of practice for information security management" International Standard.

The NERC Standards for Critical Infrastructure Protection (NERC CIP) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the NERC Standards CIP-002-2, CIP-003-2, CIP-004-2, CIP-005-2, and CIP-007-2. Compliance with these requirements is required of all NERC-registered entities by June 30, 2010. The report addresses the requirements that apply to devices, filtering routers, and VPNs.

The requirement numbers listed in the report are aligned with those specified in the relevant NERC Standards.

The NIST Special Publication 800-171 report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the National Institute of Standards and Technology (NIST) document Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, Revision 1 (June 2015).

This publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI):

(i) when the CUI is resident in non-federal information systems and organizations;

(ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of federal agencies;

(iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category or subcategory listed in the CUI Registry.

The NIST Special Publication 800-53 report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations , Revision 4 (April 2013). FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems , is a mandatory federal standard developed by NIST in response to FISMA. To comply with the federal standard, organizations first determine the security category of their information system in accordance with FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, derive the information system impact level (High, Moderate or Low) from the security category in accordance with FIPS 200, and then apply the appropriately tailored set of baseline security controls in NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.

The NIST Special Publication 800-41 report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the National Institute of Standards and Technology (NIST) Guidelines on Firewalls and Firewall Policy , Revision 1 (Sep 2009).

The Gramm–Leach–Bliley Act (GLBA) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Information Security IT Booklet issued by the Federal Financial Institutions Examination Council (FFIEC) in order to comply with the GLBA Safeguards Rule (section 501(b)).

The Basel-II report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Basel Committee on Banking Supervision's framework International Convergence of Capital Measurement and Capital Standards (June 2006). It follows the IT Governance Institute (ITGI)'s guidelines entitled "IT Control Objectives for Basel II" (2007) as expressed by the ten IT Guiding Principles (ITGP), and uses the Control Objectives for Information and Related Technology (CobiT) framework. In addition this report also refers to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework. Within each COSO component the report refers to specific IT Guiding Principles for Basel II numbers and CobiT 5 Control Objectives.

The BSI 200 report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the BSI standard 200-1 information security management systems (ISMS) and its supplementary standard, the BSI standard 200-2 IT-Grundschutz methodology (BSI-Standard 200-1 Informationssicherheitsmanagementsysteme (ISMS) und dessen ergänzendem Standard, der BSI-Standard 200-2 IT-Grundschutz Methodik).

The ASDM report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Australian Signals Directorate's strategies to mitigate targeted cyber intrusions updated March 2023.

Like the AlgoSec Sarbanes-Oxley report, the Financial Instruments and Exchange Law (Japan) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the CobiT 5 control objectives, in the Japanese language. Use this report to learn how well you are doing, and to present to your auditors as needed.

The MAS TRM report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Technology Risk Management Guidelines (TRM) issued by The Monetary Authority of Singapore (MAS), updated January 2021.

The HIPAA report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Security Rule of the Health Insurance Portability and Accountability Act issued on February 20, 2003. The AlgoSec interpretation of the HIPAA act relies on both NIST SP 800-66 Revision 1, and The HIPAA Security Information Series.

The General Data Protection Regulation (GDPR) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the European Parliament and the Council of the European Union's regulation, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. For the purpose of this compliance report, AlgoSec uses the framework of ISO/IEC 27001.

The SWIFT report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the SWIFT Customer Security Controls Framework based on the SWIFT Customer Security Programme (CSP) Guidelines, last updated in July 2021.

The HKMA report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the Hong Kong Monetary Authority (HKMA) Supervisory Policy Manual (SPM) last updated in October 2019.

The General Law on Protection of Personal Data (LGPD) report measures compliance levels by correlating data available to the AlgoSec system for the device under review with requirements of the General Data Protection Law of the Federative Republic of Brazil, LEI No. 13,709, of August 14, 2018.

The AlgoSec Firewall Analyzer ECB Compliance report is based on the Assessment Guide For The Security Of Internet Payments, February 2014.

The European Central Bank (ECB) is the central bank of the European Union countries which have adopted the euro. This assessment guide has been developed by the European Forum on the Security of Retail Payments, SecuRe Pay (The Forum), on the basis of the final recommendations for the security of internet payments