Visa USA's Cardholder Information Security Program (CISP) (mandated since June 2001) is intended to protect Visa cardholder data 'wherever it resides', ensuring that members, merchants, and service providers maintain the highest information security standards. To achieve compliance with CISP, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. This standard is a result of collaboration between Visa and MasterCard, and is designed to create common industry security requirements that incorporate the CISP requirements.

Data Sheet
Key Features
Whitepapers
The PCI Data Security Standard consists of twelve basic requirements supported by more detailed sub-requirements. The PCI Data Security Standard outlines a good framework for protecting cardholder data against exposure and compromise. Rsam's PCI template is based on this framework and assists organizations seeking to apply/measure the PCI standard in an efficient and scalable manner. For most organizations that rely on multiple system components for their cardholder data, simply walking through the PCI checklist once is not sufficient to demonstrate compliance! The appropriate PCI requirements must be verified against each specific system component (including applications, servers, data centers, wireless-access points, etc.) PCI controls template includes mapping of individual controls & requirements to specific system components (defined as any network component, server, or application included in, or connected to, the cardholder data environment). All PCI controls come pre-mapped, providing customers the proper area to address the proper control requirement. The PCI framework also requires organizations to maintain specific policies & procedures to address the twelve defined areas. All these high-level best practice controls are carefully selected and mapped to its relevant areas of compliance. In addition to the PCI framework, controls are derived from and cross-referenced to NIST 800-26, FFIEC and ISO.
Wherever feasible, Rsam PCI's template adopts a fact-based assessment approach. This allows the organization to implement a consistent & repeatable approach that provides the organization increased flexibility and accuracy in conducting assessments. More importantly, the assessment itself becomes more dynamic - as PCI requirements change, Rsam can seamlessly adapt these changes, and your analysis & reports will reflect the updated requirements & standards right away!
Rsam provides organizations with the most powerful and efficient tools available to manage each step of the assessment process within an enterprise, including intuitive interfaces and a powerful interactive reporting engine. Rsam technology allows organizations to:
Leverage out-of-the-box comprehensive risk & controls library focused on FISMA compliance and based on NIST & FIPS publications
Choose from a road-tested library of controls cross-referenced with PCI requirements
Enhance the accuracy & efficiency of your assessment by leveraging innovative methods/techniques such as fact-based data gathering and container relationships
Identify and manage your risks using Rsam's 45+ consistent and actionable roll-up, drill-down, and relational reports.
Plan, document & track remediation efforts for identified gaps
Use a single central repository to track against multiple areas of compliance and industry standards