Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PCI Compliance with Tidal Scheduler

Looking for information on how Tidal is treated/mitigated within PCI environments within banks and retailers.

2 REPLIES
New Member

We're going through a PCI

We're going through a PCI compliance audit right now, and TIDAL is out of scope. 

(We're a wireless telecom.)

 

New Member

At a company I worked for,

At a company I worked for, Tidal was in-scope as it ran jobs on in-scope applications.  We had to show how security policies were setup to prevent unauthorized Tidal users from accessing those jobs or the agent/adapter.  We had to show what our procedure was for adding and deleting interactive users.  We had to show that alerts were generated for job failures for those applications, show how we entered the incidents in our ticketing system.  And then show how we responded to the incident and what our resolution was.

 

I did a couple of things to help with the process.  One was to require an agent/adapter was defined on each job, not inherited to ease showing auditors what job was running on what system (I know this one might generate comments.  I was over-cautious since it was a financial audit.  6.x also improves searching).  The second was that we were required to keep a full fiscal year up to the time of the audit, so I built a process to copy data to a Tidal_Archive database that I built.  That way my production database stayed small, but I still had the history (alerts, operator actions, logs, events) for review.

 

Hope that helps,

Michelle

 

 

53
Views
0
Helpful
2
Replies