Cloud security standards- Security compliance certificates like PCI/DSS and HIPAA, etc.

Topic

Hey! I wanted to know if Cirrus has Cloud security standards like PCI/ DSS(financial transactions) and HIPAA (healthcare). Other vendors like Meraki has these certificates. Or any information that can be used to make a customer trust on our cloud-managed solution (CIRRUS). Are there any third-party audits that happen? Thanks in Advance. 🙂

Date
01.11.2019
answer
1
views
25
Author
Asked by archana-koul

Answers

Good Morning,
As far as I know, there is no certification for PCI/DSS not like Common Criteria or FIPS where an external entity is following a test suite and certify or not based on success.
What is existing is a list of prescriptions and technical best practices to follow for network design, guidelines such as separation of management plane versus data plane, isolation, firewall or network management capabilities and features recommended for the compliance enforcement.
PCI means that OV Cirrus can follow a suite of tests and can report compliance or any deviation using self reporting.
This suite of tests includes about 15 points such as :
- Golden configurations
- Password policy
- No password saved in clear text
- Rogue AP detection / WIPS
- etc ...
From Omini Vista Cirrus standpoint, where we are:
We are already providing a large part of what is expected such as:
- RBAC (Role Based Access Control)
- Golden configurations
- Logs for audit, user tracking / user activity
- WIPS
but what is missing is the ability to self generate reports directly from OV Cirrus for all tests related to PCI compliance and this is something we are envisioning in the coming roadmap somewhere next year.

Date
01.11.2019
Author
Add Comment
Vote