SharePoint sites that are used to capture, process, or store cardholder data are subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS). Besides use cases where SharePoint is designed in to the credit card processing systems architecture, organizations can have PCI compliance issues when end users extract or export this data from other systems and store cardholder data in unstructured files in SharePoint.
Complying with PCI DSS in your SharePoint environment requires an understanding of the requirements of PCI, and it requires implementing some 3rd security controls that are not available on the native SharePoint platform.
To understand how to deal with credit card data in SharePoint and achieve PCI compliance, the compliance and security experts at CipherPoint have also created a series of free tools and whitepapers for the SharePoint community.
These include a free content scanner tool that will crawl SharePoint sites and the content stored in them, looking for pattern matches on common credit card number data patterns in files stored in SharePoint. The content scanner may be registered for and downloaded here, at the SharePoint Defense in Depth community site.
CipherPoint has also created a whitepaper describing SharePoint PCI compliance issues. Register for and download this free SharePoint PCI Compliance whitepaper here.
This is a paid announcement by CipherPoint.