Security Policy & Issues

PCI-DSS Certification

Nebraska.gov is fully compliant with all PCI-DSS regulations. The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

  • Build and Maintain a Secure Network
    Requirement 1: Install & maintain a firewall configuration to protect cardholder data
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    Requirement 3: Protect stored cardholder data
    Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
    Requirement 5: Use and regularly update anti-virus software
    Requirement 6: Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
    Requirement 7: Restrict access to cardholder data by business need-to-know
    Requirement 8: Assign a unique ID to each person with computer access
    Requirement 9: Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    Requirement 10: Track & monitor all access to network resources & cardholder data
    Requirement 11: Regularly test security systems and processes
  • Maintain an Information Security Policy
    Requirement 12: Maintain a policy that addresses information security

To further the adoption of the PCI DSS, the PCI Security Standards Council defines credentials and qualifications for QSAs and ASVs. The PCI Security Standards Council also manages a global training and certification program for QSAs and ASVs, and will publish a directory of certified providers on this Web site.

Cybertrust Certification

Nebraska.gov has proven 100% compliance and is certified by Cybertrust.

Cybertrust SMP Enterprise Certification addresses all aspects of proactive information security at a single location or across your enterprise. The achievement of Cybertrust SMP Enterprise Certification demonstrates that an organization has met or exceeded security requirements in five critical control areas (policy, human, physical, device, network).

Requirements include:

  • Documentation and implementation of information security policies and standards.
  • Implementation of appropriate security controls.
  • Mitigation of high-severity vulnerabilities on critical systems in the external, DMZ and LAN environments.
  • Conservative configuration of wireless access points.
  • Implementation of default deny and appropriate e-mail filtering for the external perimeter.
  • Procedure to address anomalies in devices, wireless and analog phone lines.
  • Implementation of current anti-virus signatures and password-protected terminals.

Known Issues

All current known issues will be listed below. To report an issue, please use the request form or call our office at 402.471.7810.

  • NO KNOWN ISSUES AT THIS TIME