Engineered Systems and PCI
Posted
by Joel Weise
on Oracle Blogs
See other posts from Oracle Blogs
or by Joel Weise
Published on Fri, 19 Oct 2012 19:48:20 +0000
Indexed on
2012/10/19
23:14 UTC
Read the original article
Hit count: 236
/Oracle
Oracle has a number of different engineered systems. These are design to be highly integrated, optimized and secure systems. The Exadata database engineered system and the Exalogic application engineered system are two good examples. Often I am asked how these comply with different standards and regulations. Exalogic is the Oracle engineered system that supports applications and the focus of today's blog. First, we must recognize that as a collection of hardware and software, we cannot simply state that Exalogic is "compliant" with PCI DSS. This is because Exalogic must be implemented within the context of one's existing IT infrastructure, the security features of that infrastructure, the governance framework that exists, security policies, operational procedures, and other factors. What we can say though, is that Exalogic has been designed with various security capabilities that can be utilized to support compliance to PCI DSS as well as other standards and regulations (e.g., NIST and HIPAA). Given that, Exalogic can be an excellant platform for running PCI related payment applications. Coalfire Systems, a leading QSA in the US, has evaluated Exalogic against PCI DSS and supports this position. Their evaluation can be found here: Exalogic and PCI Compliance.
I hope you find it useful.
© Oracle Blogs or respective owner