Archive for the ‘regulatory compliance’ Tag

Xirrus is First Wireless Product for PCI Compliance Certified by VeriSign

My employer, Xirrus, had a recent press release that I thought was of value to my readers.   While somewhat of a shameless plug, it is something that I am extremely excited about!  We are the first (and only WiFi vendor to date) whose product has been certified by VeriSign for operation in a PCI network.  Maybe its the former IT auditor in me (I worked several years at Protiviti and am still an active member of ISACA), but this is fantastic news. Below is the press release:

Xirrus, Inc., the Wi-Fi “Power-Play” that delivers the most wireless coverage, bandwidth, and throughput in the industry, announces VeriSign assessment of the new features that enforce PCI-compliant configurations for the Xirrus Wi-Fi Array product line.

Payment Card Industry (PCI) security standards are worldwide technical and operational requirements that were created to help organizations that process card payments prevent fraud, hacking, and other various security vulnerabilities and threats. All members of the payment card industry, including financial institutions, credit card companies, merchants (retailers, hotels, etc.), and service companies must comply with these standards if they want to accept credit cards.

“To maintain a secure network and comply with the PCI standards, companies must ensure their Wi-Fi networks are secure and automatically protect both their companies’ and their customers’ information,” said Kurt Sauter, Director of Corporate Initiatives. “The new Xirrus PCI audit mode, available in all Wi-Fi Arrays, ensures product configuration changes are compliant with PCI standards, disallows changes that would result in a non-PCI-compliant configuration, and sends notifications that identify any product that does not meet the new requirements.”

New PCI-compliant implementations that use Wi-Fi are prohibited from using WEP starting March 31, 2009 and current wireless users are required to implement strong encryption such as 802.11i after June 30, 2010. The new features are available beginning in Xirrus ArrayOS software release 3.5 and include additional security features for ensuring the utmost in wireless security including:

  • Integrated and dedicated Wi-Fi Threat Sensor for continuous monitoring of the air
  • Integrated rules-based stateful firewall
  • Reprogrammable FPGA-based encryption engines
  • Integrated Spectrum Analyzer for DoS attacks and RF analysis
  • Advanced RADIUS/802.1x user and administrator authentication
  • Captive Web Portals for guest user authentication and control
  • Penetration-tested software and hardware platform
  • FIPS 140-2 Government security certification

“Xirrus is the first Wi-Fi vendor to take their products through VeriSign’s rigorous Security Certification Methodology,” said Katie Jenkins, Senior Consulting Manager responsible for VeriSign’s Security Certification Program. “Our program confirms that Xirrus has demonstrated that it has taken reasonable and appropriate steps to identify and manage information security risks and utilize PCI information security best practices for the evaluated Xirrus Wi-Fi Array products.”

Advertisements
Advertisements