Wednesday 30 June 2010

What is PCI DSS?

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.
Ongoing development of the standard will provide for feedback from the Advisory Board and other participating organizations. All key stakeholders are encouraged to provide input during the creation and review of proposed additions or modifications to the PCI DSS.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network
    * Requirement 1: Install and maintain a firewall configuration to protect cardholder data
    * Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
    * Requirement 3: Protect stored cardholder data
    * Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
    * Requirement 5: Use and regularly update anti-virus software
    * Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
    * Requirement 7: Restrict access to cardholder data by business need-to-know
    * Requirement 8: Assign a unique ID to each person with computer access
    * Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
    * Requirement 10: Track and monitor all access to network resources and cardholder data
    * Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
    * Requirement 12: Maintain a policy that addresses information security

To further the adoption of the PCI DSS, the PCI Security Standards Council defines credentials and qualifications for QSAs and ASVs. The PCI Security Standards Council also manages a global training and certification program for QSAs and ASVs, and will publish a directory of certified providers on this Web site.

Tuesday 29 June 2010

RIF Standard Supports Data Integration, Enterprise Agility

  Today W3C published a new standard for building rule systems on
  the Web. Declarative rules allow integration and transformation
  of data from multiple sources in a distributed, transparent and
  scalable manner. The new standard, called Rule Interchange
  Format (RIF), was developed with participation from the
  Business Rules, Logic Programming, and Semantic Web communities
  to provide interoperability and portability between many
  different systems using declarative technologies. For more
  information, see the RIF FAQ.

  http://www.w3.org/2005/rules/wiki/RIF_FAQ

  The six new standards are:

    * RIF Core Dialect, which provides a standard, base level of
      functionality for interchange
    * RIF Basic Logic Dialect and RIF Production Rule Dialect
      provide extended functionality matching two common classes
      of rule engines
    * RIF Framework for Logic Dialects describes how to extend
      RIF for use with a large class of systems
    * RIF Datatypes and Built-Ins 1.0 borrows heavily from XQuery
      and XPath for a set of basic operations
    * and RIF RDF and OWL Compatibility specifies how RIF works
      with RDF data and OWL ontologies.

  Along with these standards, W3C today published five related
  documents: "RIF Overview," "RIF Test Cases," "OWL 2 RL in
  RIF," "RIF Combination with XML data," and "RIF In RDF." The
  RIF Working Group is also preparing a primer and a revision of
  its outdated "Use Cases and Requirements." Learn more about
  the Semantic Web Activity.

  http://www.w3.org/TR/2010/NOTE-rif-overview-20100622/
  http://www.w3.org/TR/2010/WD-rif-test-20100622/
  http://www.w3.org/TR/2010/NOTE-rif-owl-rl-20100622/
  http://www.w3.org/TR/2010/WD-rif-xml-data-20100622/
  http://www.w3.org/TR/2010/WD-rif-in-rdf-20100622/
  http://www.w3.org/2005/rules/wiki/RIF_Working_Group
  http://www.w3.org/TR/2008/WD-rif-ucr-20081218/
  http://www.w3.org/2001/sw

Source: http://www.w3.org/News/2010#entry-8839

Sunday 20 June 2010

The DAJ updates the public procurement forms (DC, OUV and NOTI)

The Legal Affairs Directorate (Direction des affaires juridiques, DAJ) of the MINEFE at Bercy has just published on its website new template forms DC (candidate declaration), OUV (opening of applications and tenders) and NOTI (notification). The changes are intended to adapt the standard forms to recent regulatory developments and to simplify them. However, the DAJ invites practitioners to send their comments and proposals on these new forms before 14 July 2010 to the following address: mp-formulaires.daj@finances.gouv.fr. At the end of this consultation, the final forms will be published.

In the documents put out for consultation, the terms used have been unified, "in harmony with the terms appearing in the Code des marchés publics", and "comments on the use of the forms have been included as a preamble to the documents". The number of signatures and documents required from candidates has also been reduced. Thus, the members of a consortium bidding for a contract must currently sign in three sections of the DC4 (which constitutes the application letter and authorises the lead contractor on behalf of its co-contractors) and in one section of the DC5 (which sets out the list of information or documents requested from candidates). If the draft forms are adopted, candidates will only have to sign the DC4, which will now include the candidates' sworn statement and will attest to the information provided under the DC5.
The DAJ also points out that the template forms may be adjusted by contracting authorities according to the information they wish to request (adding statements or extra lines). However, any adaptations "must not go beyond what is required by the regulations", and the logo and identification of the Ministry of the Economy, Industry and Employment must be removed.
 
Source: Apasp and http://www.localtis.info/

Reference: fact sheet from the Legal Affairs Directorate of the Ministry of the Economy, Industry and Employment.