Forum Discussion

InfoSec1
Level 2
14 years ago

Backup Exec 12.3 - PCI DSS compliant encryption?

Just looking at our backup solution and we are using Backup Exec 12.3. This does indeed encrypt the data, but when reading PCI DSS V2, there are some hints that it might not be what the requirement is looking for even though the encryption level easily surpasses the required complexity.

Can anyone shed some definitive light?

Thanks

  • I did indeed mean 12.5 :) Sorry about that!

    Yeah, was fully aware of the BE encryption but it was whether the type of encryption was specific enough to PCI DSS V2. 

    Thanks to Colin for pointing out the FIPS approval as this works hand in hand with PCI DSS.

    Problem solved!

  • Which specific PCI-DSS requirement do you think BE doesn't meet?

    The key management parts might be a bit fiddly, but then that's not exclusive to BE.

    The main one addressed is that the PAN is rendered unreadable anywhere it is stored, which BE can do using encryption,

  • Backup Exec 12.3 does not exist - however I will assume a typo mistake for that.

    Backup Exec Encryption supports FIPS 140-2 standards for encryption, as per http://www.symantec.com/docs/TECH63931 and http://www.symantec.com/docs/HOWTO21799

    I don't think we have officially confirmed a match for PCI DSS, however it might be that the FIPS standard is an equivalent standard.

    Note: If using 64-bit operating systems it appears you need to be using Backup Exec 2010 to get FIPS Compliant support.

    http://www.symantec.com/connect/idea/fips-140-2-encryption-support-x64-platforms