Bat Blue Corporation is a provider of network and security technologies and services. Bat Blue offers management of network and security infrastructure, capable of maintaining the health of your network with comprehensive checks and round-the-clock monitoring and notifications. Bat Blue's Cloud/Sec solution facilitates PCI compliance by providing a comprehensive Internet security perimeter, network segmentation and by implementing security policies that are in line with the tools and methodologies necessary for organizations to achieve Payment Card Industry (PCI) compliance.
Bat Blue does not initiate the transmission of or store cardholder data. Bat Blue's primary focus is on facilitating PCI Compliance by delivering the security perimeter. The Bat Blue Cloud/Sec solution fulfills this requirement and though PCI audits are individual efforts, Bat Blue has successfully passed the auditing process as part of an overall PCI compliancy effort.
Enclosed below are Bat Blue's responses to specific requirements defined by the PCI standard for security and privacy:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Bat Blue does not initiate the transmission of or store cardholder data. Bat Blue's primary focus is on facilitating PCI Compliance by delivering the security perimeter. The Bat Blue Cloud/Sec solution fulfills this requirement and though PCI audits are individual efforts, Bat Blue has successfully passed the auditing process as part of an overall PCI compliancy effort.
Enclosed below are Bat Blue's responses to specific requirements defined by the PCI standard for security and privacy:
Build and Maintain a Secure Network
| 1. Install and maintain a firewall configuration to protect cardholder data | Bat Blue provides perimeter solutions on behalf of our customers. Firewall (access control) functions are an integral component of Bat Blue's offerings and can be implemented on a per source or user/group basis to control access by application or port/protocol. Bat Blue can assist clients in development of well-defined policies that meet client requirements. |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Bat Blue Security procedures mandate changing all default passwords and include routinely changing passwords at regularly defined intervals |
Protect Cardholder Data
| 3. Protect stored cardholder data | Bat Blue does NOT store, either physically or electronically, any cardholder information including Primary Account Number, Cardholder Name, Expiration Date, Service Code, Magnetic Stripe or equivalent Chip Data, CAV2, CVC2, CVV2,CID, PINs, or PIN Blocks. |
| 4. Encrypt transmission of cardholder data across open, public networks | Bat Blue offers the strongest encryption available and supports double encrypted communications for both site-to-site VPNs as well as host-to-host encryption. |
Maintain a Vulnerability Management Program
| 5. Use and regularly update anti-virus software and programs | Bat Blue incorporates highly accurate and effective malware protection as a component of its offerings that are updated continuously. |
| 6. Develop and maintain secure systems and applications. | Bat Blue's solutions assist clients in developing, implementing and management of comprehensive and holistic security solutions that include visibility, access control, threat management (vulnerability, malware, and spyware), encryption, file transfer control, data leakage prevention, and site categorization services. These services are augmented by expert threat and change management along with vigilent monitoring services that meet and exceed the standards identified here. |
Implement Strong Access Control Measures
| 7. Restrict access to cardholder data by business need to know | Access to all network and security devices that cardholder data traverses is strictly enforced. Bat Blue does NOT store, either physically or electronically, any cardholder information including Primary Account Number, Cardholder Name, Expiration Date, Service Code, Magnetic Stripe or equivalent Chip Data, CAV2, CVC2, CVV2,CID, PINs, or PIN Blocks. |
| 8. Assign a unique ID to each person with computer access | Bat Blue does not allow client data to traverse a “computer”. All Client controlled systems can leverage a local database of users or integrate with the client's directory services (Active Directory or LDAP) allowing clients to specify, control and log all access to specific devices by user. |
| 9. Restrict physical access to cardholder data | Bat Blue does NOT store, either physically or electronically, any cardholder information including Primary Account Number, Cardholder Name, Expiration Date, Service Code, Magnetic Stripe or equivalent Chip Data, CAV2, CVC2, CVV2,CID, PINs, or PIN Blocks. |
Regularly Monitor and Test Networks
| 10. Track and monitor all access to network resources and cardholder data | Bat Blue logs all access and changes to its systems. Bat Blue does NOT store, either physically or electronically, any cardholder information including Primary Account Number, Cardholder Name, Expiration Date, Service Code, Magnetic Stripe or equivalent Chip Data, CAV2, CVC2, CVV2,CID, PINs, or PIN Blocks. |
| 11. Regularly test security systems and processes | Bat Blue offers audit and penetration testing capabilities of the client's environment to ensure the veracity and effectiveness of client policies and process. The client may also acquire a third party auditor or penetration tester to perform testing on an ongoing basis. The client need not notify Bat Blue of such third party validation of their systems. |
Maintain an Information Security Policy
| 12. Maintain a policy that addresses information security for all personnel | Bat Blue maintains an information security policy for its network. Bat Blue also offers consulting services to assist clients in developing an effective information security policy. |
