PCI eCommerce Upgrade
Objectives
Develop, test and implement a system architecture and set of administrative procedures that enhance the central e-Commerce systems so that they meet PCI Level 2 compliance requirements.
Important: The solution being implemented is a remediation of the existing architecture to enhance security and meet compliance requirements as established by VISA. Further research and analysis will occur over the next 18 months to determine the optimal PCI solution.
Scope
- Migrate the eCommerce Gateway application, dev and test servers to Debian Linux-based hosts. This migration will serve to segregate the CashNet and eCommerce systems onto separate servers. The database will remain on the Solaris server.
- Isolate the eCommerce hosts behind their own 2-tier firewall zone.
- Enhance the security of the eCommerce Gateway code to align with Open Web Application Security Project (OWASP) standards.
- Minimize administrative host access both logically and physically
- Establish 24x7 monitoring
- Establish effective test parameters and processes for clients to ensure application functionality and a smooth transition to the new eCommerce gateway.
- Align with IT Services Operational Excellence initiatives for Disaster Recovery and Change Management
Schedule and Status of Deliverables
Status: green
Milestones:
- July 26: Upgrade gateway code, release for internal testing
- August 4: Release to UAT
- August 20: UAT complete
- August 24: Cutover to production
Project Documents
Project Team
- Sponsor
  - Allison Baird-James, Controller's Office
  - John Freshwaters, Executive Director, IT Services
- Project Manager
  - Michelle Collette
- Regular Team Members & Representatives
  - Jano Kray
  - Yue Lu
  - Victoria Azarshahy
  - Annika Rogers
  - Mike Horansky
  - Digant Kusundra
  - Steve Tingley
- Ad Hoc Team Members & Advisors
  - Eric Nakagawa
Last modified Thursday, 10-Aug-2006 10:58:35 AM