Regulations for Service Providers

Started by deanwebb, March 22, 2016, 11:36:28 AM


deanwebb

Question regarding regulations for SPs... are there any requirements like PCI/DSS, HIPAA, SOX, EU, FCC that are considerations for traffic that goes across SP networks?

This is specifically for customer data. I know that customer billing would go through PCI/DSS, but if a bank has financial data going across the SP network, are there any requirements for the SP to secure that data? Or, if the bank is sending that info in plaintext, then that info is in plaintext for all to see - too bad for the bank?

Are customers able to request particular security requirements? I know that the US government can require its SP connections to meet certain standards, but what about other customers?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

srg

Of course you can put it in the RFO as a customer, and if the SP wants your business they will provide a secure service. Other than that, no, at least not in this part of the world.
as if the mind had gone black forever.


routerdork

All we ever had to be accountable for was anything contracted. Many of our PCI/DSS customers used WAN encryption so they didn't care what we did.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

srg

Yeah, my experience is that the customer almost exclusively would want to do their own WAN encryption. Not sure if there is a big market for SPs selling really encrypted VPNs, but I do know Cisco are pushing this on the ASR9K with the new Tomahawk NPU, to do end-to-end MACSEC VPN services.