05-23-2011 04:44 AM
Just looking at our backup solution and we are using Backup Exec 12.3. This does indeed encrypt the data, but when reading PCI DSS V2, there are some hints that it might not be what the requirement is looking for even though the encryption level easily surpasses the required complexity.
Can anyone shed some definitive light?
Thanks
05-23-2011 05:32 AM
Backup Exec 12.3 does not exist - however I will assume a typo mistake for that.
Backup Exec Encryption supports FIPS 140-2 standards for encryption, as per http://www.symantec.com/docs/TECH63931 and http://www.symantec.com/docs/HOWTO21799
I don't think we have officially confirmed a match for PCI DSS, however it might be that the FIPS standard is an equivalent standard.
Note: If using 64-bit operating systems it appears you need to be using Backup Exec 2010 to get FIPS Compliant support.
http://www.symantec.com/connect/idea/fips-140-2-encryption-support-x64-platforms
05-23-2011 08:48 AM
Which specific PCI-DSS requirement do you think BE doesn't meet?
The key management parts might be a bit fiddly, but then that's not exclusive to BE.
The main one addressed is that the PAN is rendered unreadable anywhere it is stored, which BE can do using encryption.
05-24-2011 03:58 AM
I did indeed mean 12.5. Sorry about that!
Yeah, was fully aware of the BE encryption but it was whether the type of encryption was specific enough to PCI DSS V2.
Thanks to Colin for pointing out the FIPS approval as this works hand in hand with PCI DSS.
Problem solved!