Mason Karrer

Archer Content Library Updates Q2/2015

Blog Post created by Mason Karrer Employee on Jul 7, 2015

Hello everybody! I hope you had a wonderful 4th of July weekend! Independence Day is my all-time favorite holiday and this year did not disappoint. But now that the BBQ smoke cloud has settled and the Prilosec has subdued the effects of too much brisket and cherry pie, it’s back to work! And a lot of work to do indeed with so much on the horizon ahead of the annual Archer Summit at RSA Charge.  With that I’ll keep things short & sweet here and jump right into several highly anticipated items included in this content update.

 

First off is PCI-DSS v3.1. Rumor has it that four out of five PCI Council members agree it’s the DSS standard you’ve always wanted and way better than that old decrepit 3.0 standard they released so many years months ago. Ok yes I am poking some fun. And I guess to be fair it’s not the Council’s fault those protocol vulnerabilities were discovered right after DSS v3.0 came out. Inconveniencing? Yes. But necessary? Also (begrudgingly) yes.

 

In any case since 3.1 is largely the same we toyed with the idea of just issuing an update to the previous 3.0 content but ultimately decided instead to bundle 3.1 as a net new addition and take the opportunity to further improve the look and feel at the same time. This Archer content pack is tight as a drum and one of the most interconnected content sets we’ve produced yet. We’re talking a full boat package that includes the authoritative source, control procedures, all self-assessment questions, and triangular mappings to Archer Control Standards. In short you’re good to go with everything needed to operationalize your PCI compliance program in Archer right out of the box.

 

Also included this round is the latest Cloud Controls Matrix (v3.0.1) from the Cloud Security Alliance as a mapped authoritative source, along with their updated Consensus Assessment Initiative Questionnaire (CAIQ) as a set of mapped assessment questions.

 

The other authoritative source included in this update is the latest FFIEC Business Continuity Planning Booklet released in February, 2015.

 

The last item included in the update is a collection of 2,100+ new technical control procedures for more than a dozen different technologies including Apache Web Server, Linux, and several Microsoft products.

 

So that’s the overview in 400 words or less. The update page with release notes is here and content import packs are available through Customer Support. As always we’re here to answer questions too - whatever you need.

 

With that you’re now free to resume your regularly scheduled summer activities!

Mason

@masonkarrer

Outcomes