Regulations for Service Providers

deanwebb · March 22, 2016, 11:36:28 AM

Question regarding regulations for SPs... are there any requirements like PCI/DSS, HIPAA, SOX, EU, FCC that are considerations for traffic that go across SP networks?

This is specifically for customer data. I know that customer billing would go through PCI/DSS, but if a bank has financial data going across the SP network, are there any requirements for the SP to secure that data? Or, if the bank is sending that info in plaintext, then that info is in plaintext for all to see - too bad for the bank?

Are customers able to request particular security requirements? I know that the US government can require its SP connections to meet certain standards, but what about other customers?

srg · March 22, 2016, 12:25:36 PM

Of course you can put it in the RFO as a customer, and if the SP wants your business they will provide a secure service. Other than that no, at least not in this part of the world.

deanwebb · March 22, 2016, 01:15:12 PM

That's what I thought, thanks.

routerdork · March 22, 2016, 03:51:41 PM

All we ever had to be accountable for was anything contracted. Many of our PCI/DSS customers used WAN encryption so they didn't care what we did.

srg · March 22, 2016, 04:25:58 PM

Yeah my experience is that the customer almost exclusively would want to do their own WAN encryption. Not sure if there is a big market for SPs selling really encrypted VPNs, but I do know Cisco are pushing this on the ASR9K with the new Tomahawk NPU, to do end-to-end MACSEC VPN services.

Regulations for Service Providers

deanwebb

srg

deanwebb

routerdork

srg