Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 7
Next »
| Compliance Status | |
---|
Password Management
| | For VRS Cisco integration, the agent-name/password is synchronized with Cisco Finesse. VRS doesn't enforce any password policies in this case. |
Encrypt transmission of cardholder/caller/user data across open, public networksUse strong cryptography and security protocols such as SSL/TLS, SSH or IPSec to safeguard sensitive cardholder data during transmission over open, public networks (e.g. Internet, wireless technologies, Global System for Mobile Communications [GSM], General Packet Radio Service [GPRS]). Encrypt using strong cryptography all non-console administrative access such as browser/web-based management tools.
| Web-based access is secured via SSL. | |
Implement Strong Access Control MeasuresLimit access to system components and cardholder data to only those individuals whose job requires such access. Establish an access control system for systems components with multiple users that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed. Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Render all passwords unreadable during storage and transmission, for all system components, by using strong cryptography. Ensure proper user identification and authentication management.
| Role-based security for the VRS users For the recordings stored on the hard-disk, the system admin needs to protect it from unauthorised access. Two-factor authentication with Cisco integration is not tested. SSL is used for transport security User identification is done using
| |
Maintain a Vulnerability Management ProgramEstablish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as “high,” “medium,” or “low”) to newly discovered security vulnerabilities. Develop internal and external software applications (including web-based administrative access to applications) securely, as follows:
| | |