Applications: Regulatory Compliance

Industry regulations can significantly impact an organization's security strategy. Sarbanes-Oxley, HIPAA, GLBA and other regulations require that Internet communications be secure and protected. Tumbleweed solutions can help you achieve regulatory compliance.




PCI – Payment Card Industry Data Security Standard

In response to the rising tide of identity theft, the PCI Data Security Standard was developed to protect cardholders and the payment card industry from the damaging and costly consequences of data breaches. Merchants, payment processors, banks and service providers must now comply with these new standards or face major fines and increased transaction costs. Yet it remains a challenge for most companies to balance the need to lock down cardholder information against the need for employees and partners to conduct day-to-day business without disruption.

With the myriad of companies involved in payment card transactions and processing services, protecting cardholder data is paramount – networks and information systems must protect against intrusions and unauthorized access to key payment card systems and data. Security must be in place to prevent both internal and external threats that can cause payment card data breaches. Email and file transfers involving payment card information are necessary to conduct business – but these communications must be conducted securely and in compliance with PCI DSS.

MailGate and SecureTransport products provide a comprehensive set of security, content filtering, strong encryption, access controls and secure file transfer capabilities to help your organization secure payment card data and comply with the PCI Data Security Standard. These capabilities ensure against cardholder data breaches, with trusted internal and external communications that protect payment card data in motion.

With MailGate, organizations can:

  • Identify and block messages containing restricted magnetic stripe data, using dedicated PCI lexicons with powerful filtering and policy definition technology.
  • Detect and encrypt cardholder data in email messages, or report and block attempted transmission of cardholder data to detect unauthorized use.
  • Track and document PCI compliance to conduct pre-audits or demonstrate resolution of past audit issues.
  • Protect PCI-related data and systems from external threats with comprehensive security against spam, viruses, worms and hacker intrusions.

With SecureTransport, organizations can:

  • Use a secure point-to-point file transfer protocol to share payment card information with partners in a safe and efficient Internet communications model.
  • Conduct B2B and EDI transactions with strong encryption, using standards-based Internet protocols with FTP, FTPS (SSL/TLS), SFTP (SSH), HTTP, HTTPS (SSL/TLS) and AS2.
  • Audit and report on data exchanges to demonstrate regulatory compliance.

Learn more about Tumbleweed solutions for PCI Compliance.


HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) includes regulations that require that all individually identifiable health care information be protected to ensure privacy and confidentiality when it is electronically stored, maintained, or transmitted.

While network firewalls and conventional security solutions can help secure content stored on the network, protecting that information once it has left the network requires an additional layer of security on the messages themselves. This security needs to be applied not only to communications between health care organizations and patients, but also between health care organizations themselves. In other words, whenever patient-identifiable information is sent across the Internet, it needs to be secured.

Secure Messenger and SecureTransport products provide a comprehensive set of security, audit, and file transfer capabilities to help your organization comply with HIPAA regulations. These capabilities shield you from the liabilities associated with unprotected and uncontrolled e-mail communication. 

With Secure Messenger, organizations can:

  • Identify messages containing protected health information (PHI) using dedicated HIPAA lexicons with powerful filtering and policy definition technology.
  • Ensure the confidentiality of messages containing PHI using the most appropriate encryption method for recipients so they can easily decrypt the message.
  • Track and document compliance for regulatory and legal risk mitigation.
  • Protect healthcare-related data and systems from email-based threats including spam, viruses, worms and hackers.

With SecureTransport, organizations can:

  • Easily convert paper-based or proprietary electronic transfers to a secure, standards-based Internet model.
  • Employ a broad set of standard file transfer protocols, including FTP, secure FTP, HTTP, HTTPS, and AS2.

Learn more about Tumbleweed solutions for Healthcare.                         


Sarbanes-Oxley (SOX)

Signed into U.S. law in 2002, the Sarbanes-Oxley Act (SOX) is a direct result of a number of major corporate and accounting scandals that resulted in a loss of public trust in accounting and reporting practices. This landmark legislation has wide-ranging impacts for most companies, including new requirements surrounding the transfer of electronic information. With security of financial transactions and personal information now a matter of law rather than choice, many are seeking new, efficient ways to protect privacy, verify identities, and ensure data integrity online. 

For more than 10 years, Tumbleweed has been enabling organizations to create secure, auditable online channels for customer and partner communications. Tumbleweed SecureTransport™ and MailGate Secure Messenger™ provide a comprehensive set of security, tracking, and auditing capabilities to help companies comply with current and future SOX requirements.

With SecureTransport, organizations can:

  • Securely transfer financial transactions, critical business files, large documents, XML, and EDI transactions over the Internet.
  • Ensure completeness and accuracy of any data exchange, regardless of the protocol or client (browser, secure FTP, AS2, etc.).
  • Create a digitally signed (i.e., tamper-evident) audit record of each such transfer, including time/date, a data integrity check, and other relevant information.
  • Run reports on records for ongoing compliance monitoring.
  • Provide strong information security controls, including strong password policies (composition, expiration, lock-outs), security controls for user access (IP screening and date/time controls), and command-level controls to disable or override the behavior of various commands (delete, directory listing, etc.).
  • Create snapshots of configurations for easy rollback.
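The signed audit record described in the SecureTransport list above, as an added example that is not SecureTransport's own code: an HMAC-SHA256 tag over a canonical JSON record stands in for the product's digital signature (an assumption; a real deployment would sign with an asymmetric key), the record carries the timestamp and a SHA-256 integrity check of the received bytes against the digest the sender declared, and any later change to a field makes verification fail. The key, field names and sample transfer are constructed.

```python
import hashlib
import hmac
import json

# Constructed audit-signing key. A deployment would keep a private signing
# key in an HSM; the HMAC here is an assumption standing in for a signature.
AUDIT_KEY = b"constructed-audit-key-do-not-reuse"

def canonical(record: dict) -> bytes:
    """Deterministic serialization so the tag covers every field but itself."""
    body = {k: v for k, v in record.items() if k != "tag"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(record: dict) -> str:
    return hmac.new(AUDIT_KEY, canonical(record), hashlib.sha256).hexdigest()

def verify(record: dict) -> bool:
    """True only if no field was altered after the record was signed."""
    return hmac.compare_digest(sign(record), record.get("tag", ""))

def build_record(user: str, filename: str, content: bytes, protocol: str,
                 timestamp: str, declared_sha256: str = "") -> dict:
    """Signed record of one transfer; the timestamp is passed in so the
    example is reproducible. declared_sha256 is the digest the sender
    supplied (empty if none) and is compared against the bytes received."""
    digest = hashlib.sha256(content).hexdigest()
    record = {
        "timestamp": timestamp,
        "user": user,
        "filename": filename,
        "protocol": protocol,
        "size": len(content),
        "sha256": digest,
        # Data integrity check: received bytes match what the sender declared.
        "integrity_ok": (not declared_sha256) or declared_sha256 == digest,
    }
    record["tag"] = sign(record)
    return record

# Constructed sample transfer (a fake EDI payload).
SAMPLE_FILE = b"ISA*00*          *00*          *ZZ*ACME  (constructed EDI)"
SAMPLE = build_record("partner-acme", "invoices_0412.edi", SAMPLE_FILE,
                      "SFTP", "2024-04-12T09:15:00Z")
```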

Secure Messenger, now in its sixth generation, is the leading software solution for securing email communications. Currently deployed at some of the most demanding enterprises in the Global 2000, MailGate Secure Messenger enables organizations to enforce their own specific corporate policies in compliance with SOX regulations.                       


California SB 1386

The California Security Breach Notification Act (SB 1386) mandates public disclosure of computer security breaches in which confidential information of any California resident may have been compromised. The law covers every enterprise, public or private, regardless of location, doing business with California residents. Effective July 1, 2003, those who fail to disclose that a security breach has occurred could be liable for civil damages or face class-action lawsuits.

While penalties such as fines or minimum prison time have not been specifically enumerated, damages from negative publicity in the media, costs in notifying thousands of customers, and the ensuing public relations nightmare are incalculable. Further, SB 1386 specifically allows civil lawsuits stating, “Any customer injured by a violation of this act may institute a civil action to recover damages.”

Mitigating Risk with Encryption

Firms or agencies that encrypt all instances of personal data during storage or transmission are not subject to the notification requirements of SB 1386. Tumbleweed MailGate and Tumbleweed SecureTransport provide the encryption capabilities organizations need to qualify for this exemption.

With Tumbleweed MailGate, organizations can:

  • Monitor and inspect outbound email for content that would violate SB 1386, including personal information, CA driver's license number, credit card number and social security number.
  • Enforce secure email communications policies when confidential information is found.
  • Encrypt email messages to ensure security and privacy, no matter who the recipients are or what email clients they use.
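The outbound-mail content check that both the PCI list and the SB 1386 list above describe, as an added example that is not MailGate code: candidate card numbers are located by pattern, confirmed with the Luhn check so phone and order numbers are not flagged, Social Security Numbers are matched by layout, and the message is routed to deliver, encrypt or block. The regular expressions, the routing policy and the sample message are constructed assumptions.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US Social Security Number in 3-2-4 layout (SB 1386 names SSNs as covered data).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation; rejects most phone and order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers in text, separators removed."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found

def mask(pan: str) -> str:
    """Keep only the last four digits, the truncation PCI DSS allows for display."""
    return "*" * (len(pan) - 4) + pan[-4:]

def classify_message(body: str, recipient_can_decrypt: bool) -> dict:
    """Constructed policy: no covered data -> deliver; covered data and a
    recipient who can decrypt -> encrypt; otherwise block and report."""
    pans = find_pans(body)
    ssns = SSN_RE.findall(body)
    if not pans and not ssns:
        action = "deliver"
    elif recipient_can_decrypt:
        action = "encrypt"
    else:
        action = "block"
    return {"action": action, "pans": [mask(p) for p in pans],
            "ssn_count": len(ssns)}

# Constructed sample: one Luhn-valid test PAN, a phone number, one SSN.
SAMPLE = ("Card 4111 1111 1111 1111 exp 12/27, call 415-555-0100. "
          "Applicant SSN 078-05-1120.")
```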

With SecureTransport, organizations can:

  • Encrypt and transmit data and files using SSL, S/FTP, SSH, or AS2 protocols.
  • Stream data through the DMZ so personal information is never stored “in the clear”.
  • Encrypt information for storage in a secure online repository.

