Security - Start Here

4,546 bytes added, 12:40, 12 October 2014
=== ISO 27001 ===

All n One does not currently hold ISO 27001 accreditation. The standard is being implemented now, and All n One is seeking accreditation with a view to having it in place by the end of Q1 2015. http://en.wikipedia.org/w/index.php?title=ISO27001
 
 
 
=== PCI DSS ===

All n One does not currently hold PCI DSS compliance accreditation. All n One implements all of the Control Objectives listed below, but is not accredited. All n One is working towards accreditation, but requires a bxp client to sponsor the accreditation, as no current bxp client has this requirement.

http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

Control Objectives
 
* '''Build and Maintain a Secure Network'''
** 1. Install and maintain a firewall configuration to protect cardholder data
** 2. Do not use vendor-supplied defaults for system passwords and other security parameters
* '''Protect Cardholder Data'''
** 3. Protect stored cardholder data
** 4. Encrypt transmission of cardholder data across open, public networks
* '''Maintain a Vulnerability Management Program'''
** 5. Use and regularly update anti-virus software on all systems commonly affected by malware
** 6. Develop and maintain secure systems and applications
* '''Implement Strong Access Control Measures'''
** 7. Restrict access to cardholder data by business need-to-know
** 8. Assign a unique ID to each person with computer access
** 9. Restrict physical access to cardholder data
* '''Regularly Monitor and Test Networks'''
** 10. Track and monitor all access to network resources and cardholder data
** 11. Regularly test security systems and processes
* '''Maintain an Information Security Policy'''
** 12. Maintain a policy that addresses information security
 
 
 
=== ENISA ===
 
 
The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.
 
 
ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future EU legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.
 
 
http://en.wikipedia.org/wiki/European_Network_and_Information_Security_Agency
 
 
As part of its work, ENISA has developed the Cloud Computing Information Assurance Framework:

http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework

bxp is delivered against this assurance framework, with the security details available to clients through your BDAM.
 
 
 
=== OWASP ===
 
 
The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure. It has also been a registered non-profit in Europe since June 2011. http://en.wikipedia.org/wiki/OWASP
 
 
https://www.owasp.org/index.php/Main_Page
 
 
One of the projects delivered by OWASP is the Top 10 Project. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
 
 
bxp is tested against the Top 10 on a monthly basis.
 
 
 
=== W3C XHTML Compliance ===
 
 
The whole of bxp uses XHTML 1.0 as its document standard. For this reason, we validate bxp against the W3C XHTML 1.0 standard.

For further information on the W3C and its standards, see http://en.wikipedia.org/wiki/World_Wide_Web_Consortium

The W3C Markup Validation Service checks the markup validity of Web documents in HTML, XHTML, SMIL, MathML, etc. http://validator.w3.org/
 
 
 
=== WAI Accessibility Compliance ===
 
 
''The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.'' (Tim Berners-Lee, W3C Director and inventor of the World Wide Web)
 
 
All n One embraces these ideals by following the WAI guidelines in all aspects of the design, development and implementation of bxp. http://www.w3.org/standards/webdesign/accessibility