CISP - Cardholder Information Security Program

In April 2000, Visa launched its Cardholder Information Security Program (CISP) as a standard for securing Visa cardholder data.

Effective since June 2001, CISP compliance has been required of all entities that store, process, or transmit Visa cardholder data. Financial institutions offering VISA cards must comply with CISP and are responsible for ensuring the compliance of their merchants and service providers for all payment channels, including retail, mail/telephone-order and ecommerce.

Specifically, Level 1 Merchants, Level 1 Service Providers, and Level 2 Service Providers must be in compliance with the Visa U.S.A. Cardholder Information Security Program (CISP) and create reports on Compliance

The Snare Server, from InterSect Alliance, provides a centralised collection, analysis, reporting and archival function for a variety of audit log sources, and is used by several organisations to meet CISP guidelines.

---

Snare provides a central collection, analysis, reporting and archival capability for a variety of operating systems, appliances, and servers, including:
Windows NT/2000/XP/2003	Linux	Solaris	AIX	Irix
Tru64	ACF2	RACF	CISCO Routers / IOS	CISCO 6500 Firewall
CISCO Pix Firewall	CyberGuard Firewall	CheckPoint Firewall 1	Gauntlet Firewall	Netgear Firewall
Netgear Router	Netscreen Firewall	Nortel VPN devices	IPTables Firewall	Microsoft ISA Server
Microsoft IIS Server	Microsoft FTP Server	Microsoft Exchange Server	Microsoft Chat Server	Microsoft Proxy Server
Apache	Squid	Point of Sale terminals (POS)	Lotus Notes	Snort NIDS
IBM Socks Server	Universal Log Format	Generic Syslog Data