PCI eCommerce Upgrade
Develop, test and implement a system architecture and set of administrative procedures that enhances the central e-Commerce systems so that they meet PCI Level 2 compliance requirements.
Important: The solution being implemented is a remediation of the existing architecture to enhance security and meet compliance requirements as established by VISA. Further research and analysis will occur over the next 18 months to determine the optimal PCI solution.
- Migrate the eCommerce Gateway application, dev and test servers to Debian Linux based hosts. This migration will serve to segregate the CashNet and eCommerce system on separate servers. The database will remain on the Solaris server.
- Isolate the eCommerce hosts behind their own 2-tier firewall zone.
- Enhance the security of the eCommerce Gateway code to align with OpenWeb Application Security Project Standards.
- Minimize administrative host access both logically and physically
- Establish 24x7 monitoring
- Establish effective test parameters and processes for clients to ensure application functionality and a smooth transition to the new eCommerce gateway.
- Align with IT Services Operational Excellence initiatives for Disaster Recovery and Change Management
Schedule and Status of Deliverables
- July 26: Upgrade gateway code, release for internal testing
- August 4: Release to UAT
- August 20: UAT complete
- August 24: Cutover to production