PCI Compliance

COPS – as a PCI Compliance Tool

PCI requirements address security issues related to the protection of sensitive account holder data. Protection is more than just data encryption or masking. If your company is privately held or too small to trigger the PCI watchdogs, there are still important issues to consider. How do you monitor the users who log into your store controllers for support or other store-assistance purposes? How can you maintain individual operator ids and passwords for the support staff without connecting to every store each time there is a staff change? Are you still using a shared id for your help desk and support personnel to log into your store controllers because it is too hard to manage individual ids? Sarbanes-Oxley raises critical issues about the accountability of store systems personnel. Who is accessing the store controller? What commands are they entering into the store controller from the console? There is a solution to assist you in answering these questions.

A PCI Compliance and Sarbanes-Oxley Tool


StoreGazer has an optional feature called Centralized Operator Password Solution, or COPS, which provides several unique functions to help manage the users of the IBM 4690 point-of-sale system. The latest version of COPS takes advantage of and supports the enhanced security provided by IBM 4690 OS V5 or later which includes complex passwords and encryption.

COPS allows an authorized user at the central site to add new operator records, change the password in existing records or delete selected records in the authorization files. COPS supports entering an operator’s id and password (including complex passwords supported in 4690 OS V5) once at a central site and then systematically sending this data to the appropriate POS controllers. Using a simple interface in the StoreGazer client, users build a list of changes to the IBM 4690 authorization files. StoreGazer sends the list to the selected POS controllers and then updates the authorization files on the 4690 store controllers. COPS can be used to maintain unique user ids for head office personnel who would be logging onto the 4690 POS controllers in the stores.

COPS allows an authorized user to build a new 4690 operator authorization record from scratch. The user enters a name and a password, then enables specific permissions using the StoreGazer client interface. The record is sent to the IBM 4690 system from the support center, and a new operator authorization record is created with the selected parameters.

Another function is the ability to control the enhanced security password requirements for an IBM 4690 store controller. These include the complexity rules for passwords and the expiration cycle. Users can be required to update their passwords periodically to meet PCI security requirements.

The COPS feature continues to provide the ability to concurrently retrieve a list of operators defined in your store controller. The list includes all of the operators defined in the operating system, the application and the offline application. The StoreGazer Client then displays the operator lists, including descriptions of the permissions each operator has been granted and any model authorization record that the operator matches. A hashed password is displayed, allowing duplicate passwords to be found without exposing the actual password.
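The duplicate-password check described above, as an added example that is not StoreGazer or COPS code: it groups operator ids by their displayed password hash, so shared passwords across operators (or across the OS, application and offline lists) surface without any plaintext. The operator records and the SHA-256 hashing are constructed for the example; the real 4690 hash format is not assumed, only that the stored hash is deterministic (equal passwords give equal hash values), which is what makes this comparison possible.

```python
import hashlib
from collections import defaultdict


def hash_password(password: str) -> str:
    """Constructed stand-in for the hash COPS displays; SHA-256 is an
    assumption for the example, not the 4690 OS algorithm."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample of retrieved operator records:
# (operator id, where it is defined, password hash as displayed).
OPERATORS = [
    ("HELPDESK", "OS", hash_password("store123")),
    ("JSMITH", "OS", hash_password("Rx!9kL2p")),
    ("AJONES", "OS", hash_password("store123")),
    ("SUPPORT", "APPLICATION", hash_password("store123")),
    ("MLEE", "OFFLINE", hash_password("Qw7#zT1m")),
]


def find_shared_passwords(records):
    """Return {hash: [(operator id, scope), ...]} for every hash that
    more than one operator shares. Only hashes are compared, so the
    actual passwords are never needed."""
    by_hash = defaultdict(list)
    for op_id, scope, pw_hash in records:
        by_hash[pw_hash].append((op_id, scope))
    return {h: ops for h, ops in by_hash.items() if len(ops) > 1}


def report(records):
    """One human-readable line per shared password, hash abbreviated."""
    lines = []
    for pw_hash, ops in find_shared_passwords(records).items():
        ids = ", ".join(f"{op_id} ({scope})" for op_id, scope in ops)
        lines.append(f"hash {pw_hash[:12]}... shared by {len(ops)} operators: {ids}")
    return lines


if __name__ == "__main__":
    for line in report(OPERATORS):
        print(line)
```

If the stored hash were salted per operator, identical passwords would not produce identical hashes and this comparison would find nothing; the check depends on the displayed hash being the same for the same password.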

A key COPS feature is user activity tracking. A toolbar button brings up the display of user tracking information in the StoreGazer database. The StoreGazer agent specifically reports on user login and logout activity, system IPLs and system dumps. It tracks program start and stop events, connections and logins attempted via telnet and FTP (including SSH and SFTP), and files opened and modified through the 4690 binary file editor (ADXCSJ0L) or DREDIX. For diagnostic purposes you can now tell who was logged onto a controller when a given problem occurred.

COPS now reports on IBM 4690 command line logging information. Although IBM 4690 V5 can log command line activity, it was very difficult to retrieve and use the information, since each command line session ended up in a different log file. COPS brings the information together and allows it to be retrieved and viewed at the central site.

If you have StoreGazer installed, you need to add the optional COPS feature. If you do not have StoreGazer yet, the help COPS provides toward PCI and Sarbanes-Oxley compliance is more than enough reason to install StoreGazer.

Functions of StoreGazer’s COPS:

  • Create user authorization records with specific permissions.
  • Modify permissions of existing user authorization records.
  • Delete existing user authorization records.
  • View/Modify IBM 4690 enhanced security password requirements.
  • Retrieve/Report user ids and permissions from a remote store controller.
  • Track user activity on the store controllers in your network.
  • Retrieve/Report on command line logging information.
  • Report on change activity to specific files or directories.
  • Report on change activity to user ids, passwords or permissions.