RSA Unveils PCI Packages for Level 2 Merchants

SA Unveils PCI Packages for Level 2 Merchants to Address Key PCI DSS Compliance Challenges. New Level 2 Merchant PCI Packages from RSA Offer Immediate, Actionable Solutions to Meet End-of-Year Deadlines

BEDFORD, Mass., Oct. 7 — RSA, The Security Division of
EMC (NYSE: EMC), today announced two packages of information security
products designed to help Level 2 Merchants address their immediate
challenges associated with Payment Card Industry (PCI) Data Security
Standard (DSS) compliance.

Visa USA and MasterCard define Level 2 Merchants as any business
annually processing between 1,000,000 to 6,000,000 credit card
transactions, regardless of acceptance channel, per year.

The RSA packages are designed to allow Level 2 Merchants to apply a set
of enterprise-quality solutions — including data discovery, encryption,
role- based access control, strong authentication, security information &
event management and compliance reporting — to their toughest PCI
challenges. One package contains strong authentication, security
information & event management and encryption solutions, while the second
package contains strong authentication and security information & event
management offerings. These technologies can be used to help merchants
comply with PCI requirements 3, 7, 8 and 10, while also helping
organizations to actively demonstrate this compliance. The need for a
packaged set of PCI solutions for Level 2 businesses was identified in a
whitepaper recently commissioned by RSA, highlighting original research by
analyst firm Enterprise Management Associates into the challenges that
Level 2 businesses face with respect to PCI DSS compliance.

“With its introduction of PCI packages for Level 2 businesses, RSA, The
Security Division of EMC, is bringing to market a set of actionable PCI
solutions for this class of organization,” said Scott Crawford, Research
Director of Enterprise Management Associates. “Leveraging its thought
leadership in encryption, strong authentication, role-based access control
and security information and event management, RSA’s PCI packages put
enterprise- grade tools within the reach of the Level 2 business.”

All MasterCard(1) and 282 of Visa’s(2) Level 2 Merchants are required
to validate PCI compliance prior to December 31, 2008. Due to the
repercussions associated with failing to comply, including increased fees,
fines and ultimately losing the right to accept credit cards, today’s
businesses face unprecedented levels of accountability for securing
cardholder data.

“Customers have made it clear that while progress has been made with
respect to cardholder data security, initially demonstrating and
maintaining PCI compliance remains one of the broadest and most complex
challenges faced by businesses, payment processors and banks of all sizes,”
said Steve Preston, Senior Director, Solutions Marketing at RSA, The
Security Division of EMC. “This challenge is particularly significant for
the Level 2 Merchants facing compliance deadlines on December 31, 2008. By
delivering inclusive security packages specifically designed for Level 2
businesses, we can help our customers get closer to where they need to be
by year-end.”

RSA’s PCI Packages for Level 2 Businesses

These two distinct PCI packages offer actionable, enterprise-class
security products to Level 2 Merchants facing immediate challenges
associated with PCI DSS compliance. Complemented with installation
services, the individual components are available in easy-to-deploy form
factors and are also highly scalable - allowing for future expansion and
the ability to address additional security and compliance initiatives.

Individual components include:

Strong Authentication: RSA SecurID(R) 25-User Hardware Appliance Bundle

To help organizations address PCI DSS requirement 8, which calls for
strong authentication, the RSA PCI packages include a 25-user RSA SecurID
appliance bundle, which contains a hardware appliance, hardened operating
system, RSA(R) Authentication Manager software, hardware support, cabling,
documentation, and 25 RSA SecurID 700 tokens.

Security Information and Event Management: The RSA enVision(R) platform

To help businesses track and monitor access as mandated in PCI DSS
Requirement 10, RSA’s PCI packages include an RSA enVision appliance
capable of handling 2,500 sustained events per second. An additional design
and implementation service for the RSA enVision solution complements the
packages.

Data Protection Option: RSA(R) File Security Manager

To address PCI DSS Requirement 3, which details data protection best
practices, one version of the RSA PCI packages contains RSA File Security
Manager. This option is designed to enable the transparent encryption of
both production and non-production files and folders for Windows(R) based
systems.

Data Discovery Option: RSA(R) DLP RiskAdvisor Service (Optional
Addition)

Securing credit card data as required by the PCI DSS is impossible
without finding the data first. The RSADLP RiskAdvisor Service is an
optional addition to the PCI packages and is engineered to help businesses
determine where cardholder data resides across endpoints and within data
centers.

While the offerings in the RSA PCI packages are configured to help
Level 2 businesses tackle their immediate PCI challenges, these
technologies can be expanded over time to address future additional
security and compliance initiatives. Additional information on how to do
this can be found at http://www.rsa.com/pci

About RSA

RSA, The Security Division of EMC, is the premier provider of security
solutions for business acceleration, helping the world’s leading
organizations succeed by solving their most complex and sensitive security
challenges. RSA’s information-centric approach to security guards the
integrity and confidentiality of information throughout its lifecycle - no
matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access
control, data loss prevention, encryption & key management, compliance &
security information management and fraud protection. These solutions bring
trust to millions of user identities, the transactions that they perform,
and the data that is generated. For more information, please visit
http://www.RSA.com and http://www.EMC.com.

RSA, SecurID and enVision are registered trademarks and/or trademarks
of RSA Security Inc. in the U.S. and/or other countries. EMC is a
registered trademark of EMC Corporation. Microsoft and Windows are either
registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. All other products and/or services mentioned
are trademarks of their respective companies.

(1) http://www.mastercard.com/us/sdp/merchants/merchant_levels.html

(2)
http://usa.visa.com/download/merchants/cisp_pcidss_compliancestats.pdf

SOURCE EMC Corporation

http://www.emc.com via PRNewswire

• NRG Energy's David Crane and Madeleine Albright Talk 'Sense and Sustainability' About The Energy Industry at Second Platts Lecture
• Inspirational Hematologists Honored With Mentor Awards From the American Society of Hematology
• ASH Honors Speaker of the House Nancy Pelosi and NHLBI Deputy Director Susan Shurin, MD, for Their Public Service, Leadership, and Commitment to Biomedical Research
• Sangamo BioSciences Provides Update on Company's 2008 Progress and 2009 Objectives
• The Gymboree Corporation to Present at 9th Annual Wedbush Morgan 2008 California Dreamin' Conference