Hey! I wanted to know if Cirrus has Cloud security standards like PCI/ DSS(financial transactions) and HIPAA (healthcare). Other vendors like Meraki has these certificates. Or any information that can be used to make a customer trust on our cloud-managed solution (CIRRUS). Are there any third-party audits that happen? Thanks in Advance. :)
Good Morning,
As far as I know, there is no certification for PCI/DSS not like Common Criteria or FIPS where an external entity is following a test suite and certify or not based on success.
What is existing is a list of prescriptions and technical best practices to follow for network design, guidelines such as separation of management plane versus data plane, isolation, firewall or network management capabilities and features recommended for the compliance enforcement.
PCI means that OV Cirrus can follow a suite of tests and can report compliance or any deviation using self reporting.
This suite of tests includes about 15 points such as :
- Golden configurations
- Password policy
- No password saved in clear text
- Rogue AP detection / WIPS
- etc ...
From Omini Vista Cirrus standpoint, where we are:
We are already providing a large part of what is expected such as:
- RBAC (Role Based Access Control)
- Golden configurations
- Logs for audit, user tracking / user activity
- WIPS
but what is missing is the ability to self generate reports directly from OV Cirrus for all tests related to PCI compliance and this is something we are envisioning in the coming roadmap somewhere next year.