Is Workload Automation AE PCI Compliant?

book

Article ID: 16179

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent

Issue/Introduction

CA Workload Automation AE



Is Workload Automation AE PCI Compliant?

Environment

CA WAAE R11.3.5 Onward

Resolution

Yes Workload Automation AE is PCI complaint as it met below requirements:

We scan our products for vulnerabilities and monitor third-party components for vulnerabilities.

Workload Automation AE database password can be changed during the installation or post installation to not have default passwords.

Workload Automation AE does not store any card information anywhere in the product.

Data sent between Workload Automation AE components is encrypted. It uses AES 128-bit encryption. i.e. 128-bit key to encrypt and decrypt data or files.
128-bit encryption is considered to be logically unbreakable.
We currently use CBC encryption mode. This is following FIPS 140-2.

Every packet sent is encrypted by the source and decrypted by the destination, the correct
cryptkey must be used to decrypt the data otherwise the data is considered invalid and is discarded.

Additional Information

 

https://docops.ca.com/ca-workload-automation-ae/11-4-2/en/securing/ca-workload-automation-ae-data-encryption