When an organization’s network is left exposed by insecure wireless LAN devices, hackers can compromise an organization’s network backbone, rendering the investment in IT security useless. Not only are there financial implications from a security standpoint, but the breach can potentially impact the company’s reputation and proprietary and regulatory information. These scenarios can lead to additional financial loss and legal ramifications. Hence various regulatory bodies have defined policies that have to be complied with by organizations. Regardless of the WLAN deployment status, organizations have to ensure that they track all wireless activity and prevent the transmission of wireless data in clear text.

AirDefense helps organizations comply with various regulatory mandates such as PCI DSS, DoD 8100.2, HIPAA, GLBA and Sarbanes-Oxley.

Payment Card Industry Data Security Standard (PCI DSS)
Retailers have to comply with the mandates made by the Payment Card Industry (PCI). PCI DSS requires that card holder environments change wireless defaults (passwords, SSIDs, WEP keys, etc.), analyze and identify all wireless devices, restrict physical access to wireless devices, log wireless activity and define wireless usage policies.

Department of Defense Directive 8100.2
The Department of Defense Directive 8100.2 establishes policy and assigns responsibilities for the use of commercial wireless devices, services, and technologies in the DoD Global Information Grid. It spells out policies for deploying secure wireless networks and requires monitoring of those wireless networks for compliance.

Health Insurance Portability and Accountability Act (HIPAA)
Healthcare organizations have to maintain the sanctity of patient data by complying with HIPAA regulations. They need to support the security management process through constant verification and enforcement of security policies, provide intrusion alarms, audit trail information, event reporting capability and continuous vulnerability assessment.

GLBA – Safeguards Rule
The GLBA – Safeguards Rule has been defined for banking and financial institutions to insure the security and confidentiality of customer information, protect against anticipated threats to the security or integrity of such information and protect against unauthorized access to such information that could result in substantial harm to customers.

Sarbanes-Oxley Act
The Sarbanes-Oxley Act Section 404 requires all publicly traded firms to file an internal control statement attesting to management's responsibility for establishing and maintaining adequate internal control over financial reporting for the company. The IT department must document, test, monitor and report the effectiveness of internal control processes.