DATA COMPLIANCE OVERVIEW

Vormetric Data Security Solutions

PCI – DSS |  HIPAA/HITECH |  NIST |  State Data Breach Notification Laws |  National Data Protection & Privacy Laws |  SOX/GLBA/Basel III |  Data Residency/Data Sovereignty |  GDPR |  NCUA |  FDA & DEA

Lawmakers and regulators around the world are tightening existing data security compliance requirements, implementing new legal frameworks and defining new data security regulations in response to growing internal and external threats. As data protection compliance requirements strengthen, using point solutions to patch individual holes in compliance becomes increasingly expensive and difficult to support.

The Vormetric Data Security Platform provides a common, extensible infrastructure that supports these compliance regimes with protection for data at rest through encryption, enterprise key management, access control and security intelligence across enterprise, cloud and big data environments. The result is a single data security compliance solution with a low total cost of ownership (TCO).

  • Payment Card Industry Data Security Standard (PCI DSS) – Vormetric Data Security Platform products help enterprises meet PCI DSS 3.0 Requirements 3, 7, 8 and 10, which call for protecting stored cardholder data, restricting access to it on a need-to-know basis, authenticating the users who access it and logging that access. Vormetric Data Security secures cardholder data in databases as well as in voice files, reports and images.
  • HIPAA/HITECH – Electronic protected health information (ePHI) must be secured to maintain compliance with HIPAA/HITECH. Whether unstructured medical imagery or structured database records containing ePHI, Vormetric secures and controls access to ePHI.
  • NIST – NIST Special Publication 800-53 details the security controls for Federal information systems required by FIPS 199 and FIPS 200. Those two publications support the Federal Information Security Management Act (FISMA) of 2002, which requires Federal agencies to implement and document information security programs. FedRAMP, the government-wide program that standardizes security assessment of cloud services for agency use, builds its control baselines on SP 800-53 Revision 4. FIPS 140-2 specifies the security requirements that a cryptographic module must satisfy in a cryptographic-based security system. Vormetric enables US government agencies to implement and sustain compliance with these requirements through data-at-rest encryption, integrated key management, access policies and privileged-user controls, security intelligence, and training and awareness for the solution. In support of these initiatives, the Vormetric Data Security Manager (DSM) is available as a FIPS 140-2 Level 2 or Level 3 validated appliance, and the DSM appliance is also in Common Criteria evaluation.
  • FDA and DEA Related Data Security Compliance (CSOS, EPCS) – Title 21 of the Code of Federal Regulations governs food and drugs in the United States. It mandates FIPS 140-2 validated cryptographic modules for electronically ordering and prescribing controlled substances through the Controlled Substance Ordering System (CSOS) and Electronic Prescriptions for Controlled Substances (EPCS). Vormetric's Data Security Platform provides the required data security and is available as a FIPS 140-2 Level 2 or Level 3 validated appliance.
  • State Data Breach Notification Laws – US states have data breach notification laws modeled on California SB 1386, which provide a safe harbor when the breached data was encrypted (and, in most of these laws, only if the encryption keys were not also compromised). Vormetric Encryption helps businesses qualify for this safe harbor and avoid the cost and brand damage that come with breach notification.
  • National Data Protection and Privacy Laws – Nations around the globe are instituting data protection and privacy laws that require safeguarding citizens' personal information, with encryption among the mandated or expected measures; examples include the UK Data Protection Act, the EU Data Protection Directive and South Korea's Personal Information Protection Act (PIPA). Vormetric Data Security secures personal information whether structured (in databases) or unstructured.
  • Sarbanes-Oxley, GLBA, Basel III – Vormetric Data Security provides data protection, access control and reporting so enterprises can demonstrate effective control over sensitive information.
  • Data Residency/Data Sovereignty – With over 50 highly varied national privacy laws in effect worldwide, enterprises, cloud providers and multinationals need to ensure that data does not inappropriately cross legal jurisdictions. Vormetric Data Security enables segregation and control of data access to meet these obligations, in many cases without changes to applications or infrastructure.
  • GDPR – GDPR requires controllers of EU personal data (with processors reporting breaches to them) to notify the supervisory authority of personal data breaches and, where a breach is likely to result in a high risk to individuals, to notify the affected data subjects; notification of data subjects is not required when the affected data was rendered unintelligible to unauthorized parties, for example through encryption (Articles 33 and 34). Vormetric can help you meet that condition while satisfying GDPR's requirement to ensure data security through means such as encryption, tokenization and masking, and its requirement to have a process in place for regularly testing, assessing and evaluating the effectiveness of your organization's security measures (Article 32).
  • NCUA Regulatory Compliance – The National Credit Union Administration regulates and audits credit unions in the U.S., and those audits include data security. Vormetric helps credit unions comply with federal mandates and standards for data access rights administration, encryption and key management, and security intelligence.

In addition, numerous other compliance regimes mandate protection of data at rest that can be enabled with Vormetric. These include FedRAMP/NIST SP 800-53 requirements for US Federal agencies, FIPS 140-2 for cryptographic modules, the Australian Privacy Act, the EU Data Protection Directive, South Korea's PIPA and Singapore's MAS Technology Risk Management (TRM) guidelines.

ANALYST REPORT

2014 Global Compliance: The legal obligations..

By Stewart Room, Partner, Field Fisher Waterhouse. This document examines the global legal obligations to encrypt personal...

WHITE PAPERS

Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

This white paper outlines how to use Vormetric Transparent Encryption to meet PCI DSS 3.0 requirements with data-at-rest encryption.

CUSTOMER QUOTE

Vormetric Data Security allowed us to go beyond check-the-box compliance by providing strong data-level controls and centralized key management. As our business evolves, Vormetric Data Security's extensibility will provide us with a means to centralize and standardize our data security efforts at a very low financial and productivity cost.

Dean Fenton
Director of Information Technology
Classified Ventures

WHITE PAPERS

  • Vormetric FedRAMP / NIST 800-53 Requirements Mapping
  • Coalfire: Using Encryption and Access Control for PCI DSS 3.0 Compliance in AWS
  • Certification of your CSP Does Not Protect your Data in the Cloud


Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental