Is Workload Automation AE PCI Compliant?

Document ID : KB000016179
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

CA Workload Automation AE

Question:

Is Workload Automation AE PCI Compliant?

Environment:
CA WAAE R11.3.5 Onward
Answer:

Yes Workload Automation AE is PCI complaint as it met below requirements:

We scan our products for vulnerabilities and monitor third-party components for vulnerabilities.

Workload Automation AE database password can be changed during the installation or post installation to not have default passwords.

Workload Automation AE does not store any card information anywhere in the product.

Data sent between Workload Automation AE components is encrypted. It uses AES 128-bit encryption. i.e. 128-bit key to encrypt and decrypt data or files.
128-bit encryption is considered to be logically unbreakable.
We currently use CBC encryption mode. This is following FIPS 140-2.

Every packet sent is encrypted by the source and decrypted by the destination, the correct
cryptkey must be used to decrypt the data otherwise the data is considered invalid and is discarded.

Additional Information:

 

https://docops.ca.com/ca-workload-automation-ae/11-4-2/en/securing/ca-workload-automation-ae-data-encryption