Pci Dss Partner Ec TDM Proposal

<<PartnerLogo>>
Note to AMs: If this document will be printed and bound, please create space for hole punching or binding as follows: 1. Select File / Page Setup. 2. On the Margins tab, set Gutter to .25 and Gutter Position to Left. 3. Select Whole Document from the Apply To drop-down list. 4. Update the table of contents (select TOC and press F9). 5. Delete this text box prior to submitting or printing document.
Payment Card Industry Data Security Standard Partner/Reseller Version

Simplifying Compliance Strategies Proposal for <<client>> July 2011
TDM Template
<Delete this text box and insert cover page graphic>
<<clientLogo>>
<<PartnerLogo>>
Template Instructions

Fill in all information that appears in <<red>> within brackets and update font color. Instructions are given in text boxes. These should be deleted. See example below: <This is a sample instructional text box. Delete before sending to Customer.>
Insert appropriate cover graphic. Insert Partner Logo and Customer Logo in the Header. Highlight the table of contents and press F9 to update. Delete this page.
<<PartnerName>> CONFIDENTIAL
-i-
Payment Card Industry Data Security Partner/Reseller Version
<<clientLogo>>
<<PartnerLogo>>
Legal Disclaimer
This proposal is being provided by a Cisco authorized reseller utilizing a Cisco solution. Certain technical and other information in this response may have been provided by Cisco; however, nothing herein shall be construed as a quotation or offer to contract directly with Cisco. The Cisco logos, trademarks and other information provided by Cisco appear in this response with Ciscos permission and are proprietary and confidential information of Cisco Systems, Inc. All other information, including any pricing information, is provided by the Cisco authorized reseller and not by Cisco, and any relationship resulting from this response will be directly with such reseller and not Cisco.
- ii -
<<clientLogo>>
<<PartnerLogo>>
Table of Contents
1EXECUTIVE SUMMARY.................................................................................................................................1 1.1<<CLIENT>>S CHALLENGE...........................................................................................................................1 1.2PROPOSED SOLUTION.....................................................................................................................................2 1.3CUSTOMER BENEFITS.....................................................................................................................................3 1.4WHY <<PARTNERNAME>>?..........................................................................................................................3 1.5CUSTOMER TESTIMONIALS.............................................................................................................................4 1.6CONCLUSION...................................................................................................................................................4 2SOLUTION OVERVIEW...................................................................................................................................5 1.7SOLUTION OVERVIEW.....................................................................................................................................5 1.8SOLUTION COMPONENTS................................................................................................................................5 1.8.1Cisco Routing.........................................................................................................................................6 1.8.2Cisco ISR G2 SEC and VSEC Bundles..................................................................................................6 1.8.3Cisco Switching......................................................................................................................................7 1.8.4Cisco Network Security..........................................................................................................................9 1.8.5Cisco Wireless......................................................................................................................................14 1.8.6Cisco MSE............................................................................................................................................15 1.8.7Cisco Adaptive wIPS with ELM...........................................................................................................16 1.8.8Cisco Physical Security........................................................................................................................19 1.8.9Cisco Compute Systems and Storage...................................................................................................20 1.8.10Cisco Management.............................................................................................................................21 1.8.11Cisco Voice........................................................................................................................................22 1.8.12Cisco WAN Optimization...................................................................................................................23 3SERVICES & SUPPORT OVERVIEW..........................................................................................................25 1.9SERVICES OVERVIEW....................................................................................................................................25 1.10SERVICES OPTIONS.....................................................................................................................................25 1.10.1Cisco PCI Compliance Professional Services...................................................................................25 1.10.2Cisco PCI Technical Services............................................................................................................26 1.11FINANCIAL OPTIONS...................................................................................................................................27 4CUSTOMER BENEFITS & RETURN ON INVESTMENT........................................................................28 1.12CUSTOMER BENEFITS.................................................................................................................................28 1.13GENERAL RETURN ON INVESTMENT / BUSINESS IMPACT..........................................................................28 5CUSTOMER PROOF POINTS........................................................................................................................30 6STATEMENT OF COMPLIANCE.................................................................................................................31 7PRICING............................................................................................................................................................32 8APPENDICES....................................................................................................................................................33 1.14ADDITIONAL INFORMATION........................................................................................................................33 1.15ACRONYM LIST...........................................................................................................................................33
- iii -
<<clientLogo>>
<<PartnerLogo>>
Executive Summary
<Please note that this is a sample document that you will need to customize to fit the customers objectives and challenges. This proposal is provided as is and may not be appropriate for all situations. Please note that the reseller shall be responsible for the contents of this proposal.>
1.1
<<client>>s Challenge
According to the American Bankers Association, an estimated 10,000 payment card transactions are made every second around the world. Founded by the card brands (AmEx, MC, Visa, and Discover/JCB), the PCI DSS is designed to protect cardholder data. However, retailers still need to create a network architecture that works for their business and also meets the PCI DSS compliance standards that are required by all major credit card brands for any organization that processes payment cards or transfers and stores payment card data. But, as organizations begin to take advantage of wireless technology to improve operations and gain a competitive advantage, PCI DSS requires retailers to extend the same level of security from the wired network to the wireless network and provides specific guidelines as to how to protect point-of-sale data over the wireless network. For todays retailer, any solution that deals with PCI DSS compliance must be able to:
Build and maintain a secure network: A secure network means fulfilling PCI DSS requirements one and two about network firewalls, default settings, and other security parameters. Protect cardholder data: Protecting data requires the solution to protect stored data as well as encrypting a variety of other data as set forth in
-1-
<<clientLogo>>
<<PartnerLogo>>
PCI DSS requirements three and four.
Maintain a vulnerability management program: This requirement from PCI DSS means that networks must regularly update antivirus software and develop secure systems and applications per guidelines five and six. Implement strong access control measures: The requirement also includes restricting physical access to cardholder data as well as assigning a unique computer ID to each person in the company and restricting computer access to sensitive data as per PCI DSS guidelines seven, eight, and nine. Regularly monitor and test networks: A solution that regularly tested the security systems and tracked all access to end-user data would be in accordance with PCI DSS requirements 10 and 11. Maintain an information security policy: Finally, a solution that maintained a policy that addresses every aspect of information security would meet guideline 12 of the PCI DSS.
Clearly, retailers require a solution that can meet the needs of their stores while also meeting the guidelines of the PCI DSS. Being in compliance with those guidelines will save retailers a great deal of money, time, and effort.
1.2
Proposed Solution
The Cisco PCI Solution for Retail 2.0, proposed by <<PartnerName>>, was developed to help retailers simplify and maintain PCI compliance. The solution consists of strategic guidance as well as tactical implementation. A critical element of <<PartnerName>>s proposed Cisco PCI DSS Solution is Cisco network architecture and validated network designs. More than just printed diagrams, these designs, used and recommended by <<PartnerName>>, were deployed and tested in Cisco Labs. Because of this, <<PartnerName>>s proposed Cisco solution applies its enterprise-wide architecture experience to the requirements of PCI. Most industry experts agree that the best way to achieve and maintain PCI compliance is to adopt a strategic, holistic approach to network security risk, management, and compliance that includes the network infrastructure, policies, and procedures. The ability to centrally manage systems, network services, and security is essential to a holistic solution. In addition to simplifying retailers approach to PCI requirements, central management improves operational efficiency and can accelerate delivery of future retail applications that will travel the network infrastructure. <<PartnerName>>s proposed solution offers a network foundation that is an important step for retailers to achieve regulatory compliance requirements and implement data security best practices.
-2-
<<clientLogo>>
<<PartnerLogo>>
<<PartnerName>>s proposed solution was built and tested using a holistic enterprise perspective including the following:
Cisco network architectures, used and recommended by <<PartnerName>>, have been designed for stores, enterprise data centers, and the Internet edge to support e-Commerce operations, store employees, customers, and teleworkers. <<PartnerName>>s proposed Cisco PCI Solution for Retail 2.0 also supports wireless 3G technology deployments and multiple store formats, including pop-up stores and convenience stores, in addition to typical small, medium, and large stores. Verizon Business reviewed the products and network designs and issued an assessment report.
The result is a set of architectures and designs that simplify the process of a retailer becoming PCI compliant, maintaining that posture and providing the capability of awareness when under attack.
1.3
Customer Benefits
The Cisco PCI Solution for Retail 2.0, proposed by <<PartnerName>>, addresses many of the 12 PCI DSS requirements and helps retailers simplify their compliance strategies. It goes beyond just the requirements to provide comprehensive best practices for securing sensitive information. In addition, <<PartnerName>>s proposed Cisco PCI Solution for Retail 2.0 helps protect mobile applications and data. It helps to: build a foundation for ongoing compliance; enhance your companys physical security and risk management; strengthen shopping security; and, enable new business initiatives. Because <<PartnerName>>s proposed Cisco solutions use an architectural approach, you can reap benefits not found in a single-box approach. These benefits include:

Increased end-to-end compliance Increased investment protection Improved efficiency in deploying PCI DSS updates
1.4
Why <<PartnerName>>?
Whether you have two stores across town or 2,000 around the globe, <<PartnerName>>s proposed Cisco solution offers solutions, experience, and expertise to help improve your effectiveness and operational capacity. The Cisco PCI Solution for Retail 2.0, proposed by <<PartnerName>>, can help pull everything together to effectively address the PCI DSS with:
A comprehensive wired and wireless solution: <<PartnerName>>s proposed solution provides a comprehensive wired and wireless solution, enabling complete end-to-end PCI DSS compliance. Specifically for wireless, <<PartnerName>>s proposed Cisco solution provides best-inclass solutions to meet PCI DSS compliance, and also provides
-3-
<<clientLogo>>
<<PartnerLogo>>
incremental solutions that extend security beyond PCI DSS compliance to meet the objective of truly securing cardholder data.
Dedicated compliance resources: In addition to developing technology and solutions for achieving PCI DSS compliance, <<PartnerName>>s proposed Cisco solution has dedicated resources to truly understand the nature of PCI DSS compliance and to provide valuable insight into PCI updates and revisions. Dedicated personnel actively participate as members of the Worldwide PCI Council Board of Advisors in order to represent Cisco expertise, adopted by <<PartnerName>>, in network security, and represent our customers concerns with regard to PCI compliance. Designs that meet or exceed requirements: <<PartnerName>>, through Cisco, offers collaboration with a third-party QSA to help ensure that the designs meet and/or exceed PCI DSS requirements. This process allows customers to deploy <<PartnerName>>s proposed solution architectures with the utmost confidence that they will achieve PCI DSS compliance.
1.5
Customer Testimonials
<Insert the current testimonials as available.>
1.6
Conclusion
Because cyber-criminals never sleep, many retailers are concerned about moving their cardholder information over a wireless network. They have good reason to be concerned because a number of large corporations have been hacked and thousands of credit card numbers have been compromised. However, with an architectural approach to network security, such as the solution proposed by <<PartnerName>>, retailers can create a system that provides compliance with PCI DSS as well as improves the productivity and speed of the network itself. This kind of network is constantly looking for intruders while also securing data behind firewalls and adhering to strict permissions access. <<AMName>> would be pleased to discuss <<PartnerName>>s proposed Cisco solution to grow in difficult environments with you. <<AMFirstName>> can be reached at <<AMEmail>> or <<AMPhone>>.
-4-
<<clientLogo>>
<<PartnerLogo>>
Solution Overview
1.7
Solution Overview
<<PartnerName>>s proposed solution has extensive experience working with wired and wireless networking technologies. Using accumulated best practices, <<PartnerName>> offers a set of architectures in a lab environment with PCI requirements in mind. PCI auditor, Verizon Business, was invited to evaluate these architectures. When deployed and configured as designated in the Cisco PCI Design and Implementation Guide available through <<PartnerName>>, retailers can be confident in their compliance posture as well as security best practices. <<PartnerName>>s proposed Cisco PCI Solution for Retail 2.0 network architectures support secure transport for POS traffic, such as credit card data, cardholder information, transaction logs, and database records. A critical element of the Cisco PCI Solution for Retail 2.0 is Cisco network architecture and validated network designs, available through <<PartnerName>>. Cisco network architectures have been designed for stores, enterprise data centers, and the Internet edge to support e-Commerce operations, store employees, customers, and teleworkers. <<PartnerName>>s proposed Cisco PCI Solution for Retail 2.0 also supports wireless 3G technology deployments and multiple store formats, including pop-up stores and convenience stores, in addition to typical small, medium, and large stores. Cisco network architectures include solutions for virtualized, wired, and wireless deployments, all available through <<PartnerName>>. Retailers can use these network architectures as a guideline for deploying their own network installations as they work toward PCI compliance. These architectures can be used throughout the range of retail environments, from small stores to large retail footprints. To access the PCI Compliance Advisor Tool, please contact your <<PartnerName>> representative.
1.8
Solution Components
<<PartnerName>>s proposed Cisco PCI Solution designed for your particular store or group of stores will be unique. To view Cisco Validated Designs for PCI, please contact your <<PartnerName>> representative. Many Cisco products already include features and the specific intelligence needed to help meet PCI
-5-
<<clientLogo>>
<<PartnerLogo>>
requirements. These products, all available through <<PartnerName>>, include: Cisco ISR and ISR G2 Routers; Cisco ASR; Cisco Catalyst compact, access, and data center switches; Cisco Nexus 1000V Series Switches; Cisco Nexus 5000 and 7000 Series Switches; Cisco ACE; Cisco MDS Switch; Cisco ASA; Cisco IronPort Email Security Appliance; Cisco NAC Appliance; Cisco AnyConnect VPN; Cisco FWSM; Cisco IDSM; Cisco IPS Appliances; Cisco Nexus VSG; Cisco IOS Firewall; Cisco IO SIPS; Cisco Secure ACS; Cisco Aironet Access Points; Cisco Wireless LAN Controllers; Cisco MSE; Cisco Adaptive wIPS; Cisco VSOM; Cisco Video Surveillance IP Cameras; Cisco Physical Security MSP; Cisco Physical Access Manager; Cisco Physical Access Gateways; Cisco UCS and UCS Express; Cisco Security Manager; Cisco WCS; CiscoWorks LMS; Cisco Unified Communications Manager; Cisco Unified IP Phones; Cisco WAE; and Cisco WAAS.
1.8.1
Cisco Routing
1.8.1.1 Cisco ISR

Cisco ISRs, available through <<PartnerName>>, integrate advanced communications and security capabilities based on Cisco IOS Software. Features, available through <<PartnerName>>, include:

Up to 45 Mbps WAN performance with services Service module performance and capacity of 1x and up to 160 GB Fast Ethernet with PoE User-based privileges
For more information, please see: http://www.cisco.com/en/US/products/ps10906/Products_Sub_Category_Home.html
1.8.2
Cisco ISR G2 SEC and VSEC Bundles
The Cisco ISR G2s, available through <<PartnerName>>, are part of the Cisco Borderless Network Architecture that enables business innovation and growth across all remote sites. The nextgeneration architecture delivers a new workspace experience by meeting the performance requirements for the next generation of WAN and network services, enabling the cost-effective delivery of high-definition collaboration at the branch office and providing the secure transition to the next generation of cloud and virtualized network services. Features, available through <<PartnerName>>, include:

Feature-rich security capabilities including video imaging and PCI DSS requirements Media engines that enable business-grade video applications based on high-density videoready DSPs that deliver the medianet high-definition experience Bandwidth-optimized and scalable video services, including media-rich video conferencing, video surveillance, video streaming, and digital signage High-performance (up to 8x), nonstop branch office experience to meet your future WAN and services requirements Investment protection with support for most of the prior generation of integrated services router interfaces
-6-
<<clientLogo>>
<<PartnerLogo>>
For more information, please see: http://www.cisco.com/en/US/prod/collateral/routers/ps10538/aag_c45_556315.pdf
1.8.2.1 Cisco ASR

The Cisco ASR 1000 Series, available through <<PartnerName>>, provides a significant enhanced value compared to prior generations of Cisco mid-range routing solutions by providing more than tenfold performance improvement with services running. In addition, the routers have hardware and software redundancy, as well as an industry-leading high-availability design. The Cisco ASR 1000 Series delivers multiple services embedded in the Cisco QuantumFlow Processor, available through <<PartnerName>>, at wire speeds from 2.5 Gbps to 40 Gbps. The services supported on the Cisco QuantumFlow Processor, and available through <<PartnerName>>, include security services (for example, encryption and firewall), QoS, NBAR, Cisco IOS Flexible Packet Matching, broadband aggregation, and Cisco Unified Border Element, among others. With the separation of the control and data planes in the Cisco ASR 1000 Series Router architecture provided by <<PartnerName>>, software redundancy (on the Cisco ASR 1001, ASR 1002 Fixed, ASR 1002, and ASR 1004 Routers), and hardware redundancy (on the Cisco ASR 1006 and ASR 1013 Routers) are provided. In addition, the modular Cisco IOS XE Software that is introduced with the Cisco ASR 1000 Series, offered by <<PartnerName>>, facilitates ISSU. Features, available through <<PartnerName>>, include:

Superior application availability at the WAN edge Multiservice, scalable, and secure headend Embedded high-speed firewall
For more information, please see: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.pdf
1.8.3
Cisco Switching
1.8.3.1 Cisco Catalyst Series Switches

Cisco Catalyst Series switches, available through <<PartnerName>>, include compact switches, access switches, and data center switches. These switches contain many integrated tools that facilitate the construction of a self-defending network. These tools both apply to network-level interactions in a PCI-compliant network and protect the device itself. Features, available through <<PartnerName>>, include:

Timed session terminations Restricted and logged access Security services Flow management
For more information, please see: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/ps713/aag_c45_484784_v1.pdf
-7-
<<clientLogo>>
<<PartnerLogo>>
1.8.3.2 Cisco Nexus 1000V Series Switches

Cisco Nexus 1000V Series Switches, available through <<PartnerName>>, provide a comprehensive and extensible architectural platform for virtual machine networking. The switches are designed to accelerate server virtualization and multi-tenant cloud deployments in a secure and operationally transparent manner Integrated into VMware vSphere hypervisor, the Cisco Nexus 1000V Series, available through <<PartnerName>>, provides advanced virtual machine networking based on Cisco NX-OS operating system and IEEE 802.1Q switching technology. It includes Cisco vPath technology for efficient and optimized integration of virtual network services and secure, multi-tenant public and private cloud networks. These capabilities help ensure that the virtual machine is a basic building block of the data center, with full switching capabilities and a variety of Layer 4 through 7 services in both dedicated and multi-tenant cloud environments. For more information, please see: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/data_sheet_c78-492971.pdf
1.8.3.3 Cisco Nexus 5000 and 7000 Series Switches

The Cisco Nexus 7000 Series, available through <<PartnerName>>, is a highly scalable end-to-end 10 Gigabit Ethernet switch series for mission-critical data center operations. The fabric architecture scales beyond 15 Tbps, with future support for 40-Gbps and 100-Gbps Ethernet. Powered by NX-OS, a state-of-the-art modular operating system, the platform, available through <<PartnerName>>, is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility. The Cisco Nexus 7000 Series, offered by <<PartnerName>>, provides comprehensive security features supported by a robust control plane and wire-rate encryption and decryption, allowing security controls that are less complex and more transparent to the protocols and applications in the data center. Cisco Nexus 5000 Series Switches, part of the unified fabric component of the Cisco DCBA architectural framework and provided by <<PartnerName>>, deliver an innovative architecture to simplify data center transformation that enables a high-performance, standards-based, multi-protocol, multi-purpose, Ethernet-based fabric. They help consolidate separate LAN, SAN, and server cluster network environments into a single Ethernet fabric. Backed by a broad system of industry-leading technology partners, Cisco Nexus 5000 Series Switches, available through <<PartnerName>>, are designed to meet the challenges of next-generation data centers, including the need for dense multisocket, multicore, virtual machine-optimized services, in which infrastructure sprawl and increasingly demanding workloads are commonplace. For more information about Nexus 5000 Series Switches, available through <<PartnerName>>, please see: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/at_a_glance_c45462427.pdf For more information about Nexus 7000 Series Switches, available through <<PartnerName>>, please see http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/brochure_cisco_nexus_ 7000_series_security_features.pdf
1.8.3.4 Cisco ACE Family

The Cisco ACE Family, offered by <<PartnerName>>, is the next generation of server load balancing and content switching, delivering tightly integrated, essential application service functions in a single
-8-
<<clientLogo>>
<<PartnerLogo>>
powerful system. It provides full server load-balancing and application switching functions with granular traffic control based on customizable Layer 4 through 7 rules. Extensive application health checking directs connections past out-of-service and overburdened servers, reestablishing connections as conditions permit. The Cisco ACE Family, available through <<PartnerName>>, provides state-of-the-art redundancy and failover and is integrated with the Cisco ACE GSS disaster recovery and multiple-data-center failover system, offered by <<PartnerName>>. For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/product_data_sheet0900aecd80 45861b.html
1.8.3.5 Cisco MDS Switch with SME

Cisco SME, available through <<PartnerName>>, secures data stored on heterogeneous tape drives and virtual tape libraries in a SAN environment using secure IEEE standard AES 256-bit algorithms. Cisco SME, offered by <<PartnerName>>, is built on a FIPS system architecture and offers secure, comprehensive key management, with support for offline media recovery. Cisco SME, available through <<PartnerName>>, uses cryptographic engines on the Cisco MDS 9222i MMS, MDS 9000 18/4-Port MSM, and MDS 9000 16-Port Storage Services Node, each providing enough throughput to sustain streaming continuously to multiple tape drives and available through <<PartnerName>>. Each Cisco MDS 9000 16-Port Storage Services Node offered by <<PartnerName>> provides encryption throughput that is four times that provided by the Cisco MDS 9222i and MDS 9000 18/4-Port Multiservice Module. Multiple encryption engines can be deployed in a Fibre Channel fabric to easily scale performance, enable load balancing, and increase availability. Cisco SME hardware and software integration with the Cisco MDS 9000 family, available through <<PartnerName>>, makes it easier to deploy and manage sensitive data on SAN attached storage devices. Unlike competitive offerings, Cisco SME, offered by <<PartnerName>>, requires no downtime for deployment and no host agents. The Cisco MDS 9000 18/4-Port Multiservice Module and MDS 9000 16-Port Storage Services Node, offered by <<PartnerName>>, are hot swappable, allowing them to be installed while an existing SAN is in use. No rewiring or SAN configuration changes are required, and encryption provisioning can be performed without shutting down applications. For more information, please see: http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps6028/ps8502/product_data_sheet0900 aecd80692db2.pdf
1.8.4
Cisco Network Security
1.8.4.1 Cisco ASA

The Cisco ASA, offered by <<PartnerName>>, provides intelligent threat defense and secure communications services that stop attacks before they impact business continuity. The Cisco ASA, available through <<PartnerName>>, enables organizations to lower their deployment and operations costs while delivering comprehensive network security for networks of all sizes. Features, available through <<PartnerName>>, include:

Content security capabilities Threat-protected VPN
-9-
<<clientLogo>>
<<PartnerLogo>>
URL filtering
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet090 0aecd802930c5.html
1.8.4.2 Cisco IronPort Email Security Application

<<PartnerName>>, through Cisco, has partnered with RSA, the leader in DLP technology, to provide an integrated DLP solution, RSA Email DLP, on Cisco IronPort email security appliances. To ensure compliance with industry and government regulations worldwide and help prevent confidential data from leaving customer networks, RSA Email DLP offers easy management, comprehensive protection, and unparalleled accuracy. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10128/ps10154/Cisco_IronPort_Email_Data_L oss_Prevention_overview.pdf
1.8.4.3 Cisco NAC

The Cisco NAC Appliance, available through <<PartnerName>>, is a powerful, easy-to-deploy admission control and compliance enforcement component of the Cisco TrustSec solution. With comprehensive security features, in-band or out-of-band deployment options, user authentication tools, and bandwidth and traffic filtering controls, the Cisco NAC Appliance, offered by <<PartnerName>>, is a comprehensive solution for controlling and securing networks. You can implement security, access, and compliance policies through a central management point rather than configure policies throughout the network on individual devices. Features, available through <<PartnerName>>, include:

Prevents unauthorized network access to protect your information assets Helps proactively mitigate network threats such as viruses, worms, and spyware Addresses vulnerabilities on user machines through periodic evaluation and remediation Recognizes and categorizes users and their devices before malicious code can cause damage
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet090 0aecd802da1b5.pdf
1.8.4.4 Cisco AnyConnect VPN

The Cisco AnyConnect Secure Mobility Client, offered by <<PartnerName>>, consistently raises the bar in remote access technology by making the experience more seamless and more secure than ever. The AnyConnect Secure Mobility Client, available through <<PartnerName>>, provides a secure connectivity experience across a broad set of PC- and smartphone-based mobile devices, such as the Apple iPhone. As mobile workers roam to different locations, an always-on intelligent VPN enables the AnyConnect Secure Mobility Client, available through <<PartnerName>>, to automatically select the most optimal network access point and adapt its tunneling protocol to the most efficient method, such as Datagram Transport Layer Security protocol for latency-sensitive traffic, such as VoIP traffic or TCP-based application access.
- 10 -
<<clientLogo>>
<<PartnerLogo>>
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78527494.pdf
1.8.4.5 Cisco FWSM

The Cisco FWSM, available through <<PartnerName>>, is a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers, also available through <<PartnerName>>. It provides the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. Based on Cisco PIX Firewall technology, the Cisco FWSM, provided by <<PartnerName>>, offers large enterprises and service providers unmatched security, reliability, and performance. The Cisco FWSM, offered by <<PartnerName>>, includes a number of advanced features that help reduce costs and operational complexity while enabling organizations to manage multiple firewalls from the same management platform. Features such as resource manager helps organizations limit the resources allocated to any security context at any time thus ensuring that one security context does not interfere with another. The transparent firewall feature configures the FWSM, provided by <<PartnerName>>, to act as a Layer 2 bridging firewall resulting in minimal changes to network topology. For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/product_at_a_glance0900aecd805c34d 3.pdf
1.8.4.6 Cisco IDSM

Security threats have increased in complexity. Multi-gigabit environments and efficient network intrusion security solutions are critical to maintaining a high level of protection. Vigilant protection ensures business continuity and minimizes the effect of costly intrusions. Cisco integrated network security solutions, offered by <<PartnerName>>, enable organizations to protect their connected business assets and increase the efficiency of intrusion prevention systems. The Cisco IDSM-2, available through <<PartnerName>>, is part of the Cisco Systems family of IDS/IPS solutions. It works in concert with other Cisco IDS/IPS components, available through <<PartnerName>>, to efficiently protect your data infrastructure. Features include:

Multi-gigabit scalability Hot swap modules WAN interoperability support Accurant prevention technologies
For more information, please see: http://www.cisco.com/application/pdf/en/us/guest/products/ps5058/c1650/ccmigration_09186a00801e 55dd.pdf
1.8.4.7 Cisco IPS Appliance

The Cisco IPS Appliance, available through <<PartnerName>>, can be used along with the Cisco IPS
- 11 -
<<clientLogo>>
<<PartnerLogo>>
Software solution, offered by <<PartnerName>>, or separately, depending upon the needs of your company, branch office, or retail store. You can determine the differences between the appliance and the software by reading the data sheet comparison chart. For more information, please see: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900 aecd806a1b7e.pdf
1.8.4.8 Cisco Nexus VSG

Cisco VSG for Cisco Nexus 1000V Series Switches, available through <<PartnerName>>, is a virtual appliance that provides trusted access to secure virtualized data centers in enterprise and cloud provider environments while meeting the requirements of dynamic policy-driven operations, mobilitytransparent enforcement, and scale-out deployment for dense multi-tenancy. Cisco VSG, provided by <<PartnerName>>, offers IT departments the benefits of workload virtualization with the security of zone-based controls and activity monitoring, enhanced compliance with corporate security policies and industry regulations, and simplified security audits. Cisco VSG, offered by <<PartnerName>>, helps ensure that access to trust zones is controlled and monitored through established security policies. Features, available through <<PartnerName>>, include:

Enhanced compliance with industry regulations Simplified audit processes in virtualized environments Reduced costs by enabling security in a broader set of virtualized workloads
For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11208/data_sheet_c78-618244.pdf
1.8.4.9 Cisco IOS Firewall

Today there is increased pressure to comply with industry regulations as well as state and federal regulations created to enhance privacy, national security, and in many cases corporate accountability. Examples of these regulations include the PCI DSS, which affects all vendors who receive, store, or transmit cardholder data. In the United States, other examples include HIPAA in the healthcare industry, the Gramm Leach Bliley Act in the financial services industry, and the Sarbanes-Oxley Act in the accounting field. Cisco IOS Firewall, available through <<PartnerName>>, offers the threat defense required for todays changing threat environment. With more dangerous targeted attacks and the growth of the mobile workforce, the perception of network borders and where the office starts and stops has changed significantly to anywhere there is connectivity. Deployed extensively at branch locations and home offices, Cisco IOS Firewall, available through <<PartnerName>>, provides broad security coverage with deployment flexibility and the cost benefits that are fundamental to an integrated security approach. It is the simple-to-use, certified, costeffective firewall solution. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_data_sheet091 86a0080117962.pdf
- 12 -
<<clientLogo>>
<<PartnerLogo>>
1.8.4.10 Cisco IOS IPS

In todays business environment, network intruders and attackers can come from outside or inside the network. They can launch distributed denial-of-service attacks, they can attack Internet connections, and they can exploit network and host vulnerabilities. At the same time, Internet worms and viruses can spread across the world in a matter of minutes. There is often no time to wait for human intervention; the network itself must possess the intelligence to recognize and mitigate these attacks, threats, exploits, worms, and viruses. Cisco IOS IPS, available through <<PartnerName>>, is an inline, deep-packet inspection-based solution that enables Cisco IOS Software to effectively mitigate a wide range of network attacks. While it is common practice to defend against attacks by inspecting traffic at data centers and corporate headquarters, distributing the network level defense to stop malicious traffic close to its entry point at branch or telecommuter offices is also critical. For more information, please see: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900 aecd803137cf.pdf
1.8.4.11 Cisco Secure ACS

With the ever-increasing reliance on enterprise networks to perform daily job routines and the increasing number of methods and opportunities to access todays networks, security breaches and uncontrolled user access are of primary concern among enterprises. Network security officers and administrators need solutions that support flexible authentication and authorization policies that are tied to a users identity as well as to context such as the network access type, time of day, and the security of the machine used to access the network. Further, there is a need to effectively audit network use, monitor corporate compliance, and get broad visibility into policies and activities across the network. Cisco Secure ACS, available through <<PartnerName>>, provides the policy control for the Cisco Self-Defending Network architecture, an architecture that protects your business by identifying, preventing, and adapting to threats from inside and outside the company. Cisco Secure ACS, offered by <<PartnerName>>, is a highly scalable, high-performance access policy system that centralizes device administration, authentication, and user access policy and reduces the management and support burden for these functions. Features, available through <<PartnerName>>, include:

A powerful, attribute-driven rules-based policy model that addresses complex policy needs in a flexible manner A lightweight, web-based GUI with intuitive navigation and workflow Integrated advanced monitoring, reporting, and troubleshooting capabilities for maximum control and visibility A distributed deployment model that enables large-scale deployments and provides a highly available solution
For more information, please see: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/data_sheet_c78614584.pdf
- 13 -
<<clientLogo>>
<<PartnerLogo>>
1.8.5
Cisco Wireless
1.8.5.1 Cisco 802.11n Access Points

Cisco Aironet Access Points, offered by <<PartnerName>>, provides industry-leading performance for secure and reliable wireless connections. Whether you need entry-level wireless for a small enterprise or mission-critical coverage at thousands of locations, <<PartnerName>>s proposed Cisco solution offers a broad portfolio of access points targeted to the specific needs of all industries, business types, and topologies. Most access points can be purchased in a standalone or controller-based model to support unique requirements for scale and mobility services. Controllers reduce overall operational expenses by simplifying network deployment, operations, and management. They allow network administrators to remotely configure and monitor several access points to thousands of access points in a simple and efficient way. A controller is required to support voice, location services, guest access, and advanced security. Features, available through <<PartnerName>>, include:
The 802.11n standard provides the bandwidth and reliability to support interactive multimedia applications with up to nine times the performance of 802.11a/g networks. In addition, <<PartnerName>>s proposed Cisco technology has true enterprise-class RF technology designed to maximize 802.11n performance. <<PartnerName>>s proposed Cisco technologies, such as CleanAir, ClientLink, and VideoStream, plus optimized access point radios and antennas, improve performance regardless of where client devices are located. A limited lifetime hardware warranty 5 or 10-unit Eco-Pack bundles with a single, easy-to-open carton that streamlines the staging and installation process and reduces packaging waste by 50 percent Mounting brackets that can be easily retrofitted to existing Cisco legacy access points, available through <<PartnerName>>, to minimize migration cost and time
For more information, please see: http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/at_a_glance_c45-636090.pdf
1.8.5.2 Cisco Wireless LAN Controllers

Cisco Wireless Controllers, available through <<PartnerName>>, help reduce overall operational expenses by simplifying network deployment, operations, and management. Extending the same Cisco Borderless Networks policy and security from the wired network core to the wireless edge, these Cisco wireless controllers, provided by <<PartnerName>>, deliver the visibility, scalability, and reliability needed to build secure, enterprise-scale wireless networks from branch offices to small enterprises to main campuses. Features, available through <<PartnerName>>, include:

Flexibility to configure wireless policy, management, or security settings at any time through centralized provisioning and management Faster response to business needs by centrally managing wireless networks Standardized access point configuration for software versioning
- 14 -
<<clientLogo>>
<<PartnerLogo>>
wIPS capabilities Networkwide QoS for voice and video across wired and wireless networks Networkwide centralized security policies across wired and wireless networks
For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/at_a_glance_c45-652653.pdf
1.8.6
Cisco MSE
Cisco Mobility Services, offered by <<PartnerName>>, are a set of value-added network services that consolidate intelligence from various points in the network to enable and optimize the delivery of business mobility applications. This intelligence has typically been highly distributed throughout the network, resulting in complex service provisioning and management. When services, control, and data planes are combined into a single platform, the added complexity limits the networks ability to scale and adapt to new services while maintaining consistent performance (see Figure: The MSE Architecture). The answer lies in centralized services architecture. While still critical to the ability of networks to provide the intelligence for the optimal performance of mobile applications, mobility services should be abstracted from the control and data planes in order to be centralized into the services engine. This centralization of services offers several benefits, including scalability and improved provisioning and management. In addition, centralized service architecture removes the direct linkage between service and network, allowing services to extend across wired and wireless networks. Features, available through <<PartnerName>>, include:

Extensible platform for rapid delivery of services and applications Common framework for hosting multiple mobility services Open API to support third-party and partner application development. Ecosystem of application partners
For more information, please see: http://www.cisco.com/en/US/partner/prod/collateral/wireless/ps9733/ps9742/data_sheet_c78475378.html
- 15 -
<<clientLogo>>
<<PartnerLogo>>
Figure 1: The MSE Architecture
1.8.7
Cisco Adaptive wIPS with ELM
The Cisco Adaptive wIPS is integrated in the Cisco Unified Wireless Network infrastructure, available through <<PartnerName>>, and provides wireless-specific network threat detection and mitigation against malicious attacks, security vulnerabilities, and sources of performance disruption. Cisco Adaptive wIPS, offered by <<PartnerName>>, (see Figure: Cisco Adaptive wIPS System Overview) provides the ability to detect, analyze, and identify wireless threats, and centrally manages mitigation and resolution of security and performance issues. Cisco Adaptive wIPS, provided by <<PartnerName>>, also delivers proactive threat prevention capabilities for a hardened wireless network core that is impenetrable by most wireless attacks, allowing customers to maintain constant awareness of their RF environment to minimize legal liability, protect brand reputation, and assure regulatory compliance-including PCI 2.0 standards. The Cisco Adaptive wIPS solution, offered by <<PartnerName>>, adds the ELM feature, allowing administrators to use their deployed APs to provide comprehensive protection without the need for a separate overlay network. Prior to ELM and in the traditional Adaptive wIPS deployment, dedicated monitor mode APs are required to provide PCI compliance needs or protection from unauthorized security access, penetration, and attacks. ELM effectively provides a comparable offering that eases wireless security implementation while lowering CapEx and OpEx costs. For more information, please see: http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9817/data_sheet_c78-501388.html
- 16 -
<<clientLogo>>
<<PartnerLogo>>
Figure 2: Cisco Adaptive wIPS System Overview
1.8.7.1 Cisco Security Agent

The Cisco Security Agent, offered by <<PartnerName>>, includes PCI policies and rule sets to automatically help protect servers and clients against threats and information theft Features, available through <<PartnerName>>, include:

Visibility and control of sensitive data protects against loss from both user actions and targeted malware Zero Update Protection reduces emergency patching in response to vulnerability announcements Always Vigilant Security protecting even when users are not connected to the corporate network or lack the latest patch Predefined compliance and acceptable use policies allow for efficient management, reporting, and auditing of activities
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5057/product_at_a_glance0900aecd8 0704fcb.pdf
- 17 -
<<clientLogo>>
<<PartnerLogo>>
1.8.7.2 Cisco Secure ACS

The Cisco Secure ACS, offered by <<PartnerName>>, is a highly scalable, high-performance access policy system that centralizes authentication, user access, and administrator access policy and reduces the administrative and management burden. The Cisco Secure ACS, available through <<PartnerName>>, is a central point for administering security policy for users and devices accessing the network. Features, available through <<PartnerName>>, include:

Supports two distinct protocols for AAA: RADIUS and TACACS+ Multiple databases can be used concurrently for maximum flexibility in enforcing access policy Allows the configuration of complex network access policies that may include authentication protocol requirements, device restrictions, time of day restrictions, posture validation, and other access requirements Centralized configuration management Logs are viewable and exportable for use in other systems and support troubleshooting and diagnostics, compliance and auditing, and other reporting and billing activities
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/data_sheet_c78453387_ps5338_Products_Data_Sheet.html
1.8.7.3 Cisco Security Manager

The Cisco Security Manager, available through <<PartnerName>>, is an enterprise-class management application designed to configure firewall, VPN, and IPS security services on Cisco network and security devices. The Cisco Security Manager, offered by <<PartnerName>>, can be used in networks of all sizes, from small networks to large networks consisting of thousands of devices, by using policy-based management techniques. Features, available through <<PartnerName>>, include:

The VPN Wizard provides easy configuration of site-to-site, hub-and-spoke, full-mesh, and extranet VPNs Firewall configuration Content Filtering support for IOS-based device platform allows traffic filtering based on deep content inspection Bulk operation feature Cisco IPS Update Wizard allows efficient automatic IPS updates, scheduling, and distribution of policies with status and details notification
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6498/data_sheet_c78-546611.htm
1.8.7.4 Cisco Security MARS

The Cisco Security MARS, available through <<PartnerName>>, is an appliance-based, all-inclusive solution that provides superior insight into and control of your existing security deployment. Part of the Cisco security management suite, Cisco Security MARS, offered by <<PartnerName>>, empowers
- 18 -
<<clientLogo>>
<<PartnerLogo>>
your security and network organizations to identify, manage, and counter security threats. It works with your existing network and security investments to identify, isolate, and recommend precise removal of offending elements. The Cisco Security MARS, provided by <<PartnerName>>, also helps maintain internal policy compliance and can be an integral part of your overall regulatory compliance solution Features, available through <<PartnerName>>, include:

Comprehensive built-in and user-defined rules SSH Protocol, SNMP, Telnet, and device-specific communications Automated and user-tuned false positive analysis Graphical attack path visualization with detailed investigation GUI that supports numerous default queries and customized queries
For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/data_sheet_c78-458671.html
1.8.8
Cisco Physical Security
1.8.8.1 Cisco VSOM

This web-based user interface authenticates and manages access to video feeds. It is a centralized administration tool for the management of Media Servers, cameras, encoders, and viewers. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9145/ps9152/at_a_glance_c45468316.pdf
1.8.8.2 Cisco Video Surveillance IP Cameras

Cisco Video Surveillance IP Cameras, available through <<PartnerName>>, are feature-rich digital cameras that enable surveillance in a wide variety of environments. Available in standard and high definition, box and dome, wired and wireless, and stationery and pan-tilt-zoom versions, the cameras support MPEG-4 and H.264 and offer efficient network utilization while providing high-quality video. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9145/ps9152/at_a_glance_c45468316.pdf
1.8.8.3 Cisco Physical Security MSP

The Cisco Physical Security MSP servers, available through <<PartnerName>>, enable the deployment and management of physical security services such as video surveillance, access control, and incident response communications. The server suite includes 1-RU and 2-RU models and provides benefits such as high storage density, system resiliency, and hardware diagnostics. An optional encoder card is also available, providing up to 16 analog video inputs with full-frame rate at D1 resolution. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9145/ps9152/at_a_glance_c45-
- 19 -
<<clientLogo>>
<<PartnerLogo>>
468316.pdf
1.8.8.4 Cisco Physical Access Manager

Cisco Physical Access Manager, offered by <<PartnerName>>, is the management application used to configure hardware, monitor activity, enroll users, and integrate with IT applications and data stores. It comes installed on hardware and is sold as an appliance. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9674/ps9688/datasheet_C78464244.pdf
1.8.8.5 Cisco Physical Access Gateways

The Cisco Physical Access Gateway, available through <<PartnerName>>, is an integral component of the Cisco Physical Access Control solution and is the primary module used to connect door hardware (readers, locks, etc.) to the IP network. The gateway can connect to a maximum of two doors and associated inputs and outputs. The Cisco Physical Access Gateway, offered by <<PartnerName>>, is a mandatory component of any access control deployment. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6918/ps9674/ps9687/datasheet_C78464240.pdf
1.8.9
Cisco Compute Systems and Storage
1.8.9.1 Cisco UCS

The Cisco UCS, available through <<PartnerName>>, is a next-generation data center platform that unites compute, network, storage access, and virtualization into a cohesive system designed to reduce TCO and increase business agility. The system integrates a low-latency, lossless 10 Gigabit Ethernet unified network fabric with enterprise-class, x86-architecture servers. The system is an integrated, scalable, multi-chassis platform in which all resources participate in a unified management domain. Features, available through <<PartnerName>>, include:

Reduced TCO at the platform, site, and organizational levels Increased IT staff productivity and business agility through just-in-time provisioning and mobility support for both virtualized and non-virtualized environments A cohesive, integrated system that is managed, serviced, and tested as a whole Scalability through a design for hundreds of discrete servers and thousands of virtual machines, and the capability to scale I/O bandwidth to match demand Industry standards supported by a partner ecosystem of industry leaders
For more information, please see: http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/at_a_glance_c45523181.pdf
- 20 -
<<clientLogo>>
<<PartnerLogo>>
1.8.9.2 Cisco UCS Express

The Cisco UCS Express, offered by <<PartnerName>>, is a converged computing, virtualization, and networking platform for hosting essential infrastructure services and mission-critical business applications in the lean branch office. Cisco UCS Express, available through <<PartnerName>>, is best suited for multisite organizations with centralized IT infrastructure that need to host applications locally in the branch office because of performance, availability, or compliance reasons. It enables multiple virtual instances of Microsoft Windows Server and Linux to run on dedicated general-purpose x86 blades directly in the Cisco ISR G2 chassis, provided by <<PartnerName>>. With Cisco UCS Express, available through <<PartnerName>>, multisite organizations can increase IT agility, lower TCO, and get more value out of their branch-office infrastructure. For more information, please see: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps11273/data_sheet_c78-625000.pdf
1.8.10 Cisco Management

1.8.10.1 Cisco Security Manager
Cisco Security Manager, offered by <<PartnerName>>, enables enterprises to manage and scale security operations efficiently and accurately. Cisco Security Manager, provided by <<PartnerName>>, integrates a powerful suite of capabilities, including policy and object management, event management, reporting, and troubleshooting, which are essential to maintaining security posture in todays ever changing threat environment. Cisco Security Manager, offered by <<PartnerName>>, supports a range of security solutions including Cisco ASA 5500 Series Adaptive Security Appliances, Cisco IPS 4200 Series Sensor Appliances, Cisco Secure Routers, and the Cisco AnyConnect Secure Mobility Client, all available through <<PartnerName>>. For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6498/data_sheet_c78-647451.pdf
1.8.10.2 Cisco WCS

Cisco WCS, available through <<PartnerName>>, is the industrys most comprehensive management platform for lifecycle management of 802.11n and 802.11a/b/g, enterprise-class wireless networks. This robust management platform delivers a cost-effective management solution that enables IT administrators to successfully plan, deploy, monitor, troubleshoot, and report on indoor and outdoor wireless networks. As the management platform for the Cisco Unified Wireless Network, Cisco WCS, offered by <<PartnerName>>, supports the delivery of high performance applications and mission-critical solutions that simplify business operations and improve productivity. It also supports Cisco CleanAir technology, a system-wide capability of the Cisco Unified Wireless Network, provided by <<PartnerName>>, which uses silicon-level intelligence to create a self-healing, self-optimizing wireless network. Delivering performance protection for 802.11n networks, Cisco CleanAir technology, provided by <<PartnerName>>, increases the reliability of wireless networks to support mission critical applications by automatically mitigating the impact of RF interference. Cisco WCS, offered by <<PartnerName>>, is a comprehensive platform that scales to meet the needs of small, midsize, and large-scale wireless LANs across local, remote, national, and international locations. This award-winning solution gives IT managers immediate access to the tools they need, when they need them, to more efficiently implement and maintain secure wireless LANs,
- 21 -
<<clientLogo>>
<<PartnerLogo>>
all from a centralized location requiring minimal IT staffing. Features, available through <<PartnerName>>, include:

Fast secure scalable roaming in 802.11i environments A built-in client troubleshooting tool allows network administrators to quickly and easily troubleshoot problems with a client Real-time capacity management with load balancing Support for deployment of several, hundreds, or thousands of central or remotely located access points
For more information, please see: http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps6301/ps6305/product_data_sheet0900 aecd802570d0.html
1.8.10.3 CiscoWorks LMS

CiscoWorks LMS, offered by <<PartnerName>>, is an integrated suite of management functions that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. CiscoWorks LMS, available through <<PartnerName>>, allows network operators to manage the network through a browser-based interface that can be accessed anytime from anywhere within the network. CiscoWorks LMS 4.0, offered by <<PartnerName>>, is a major new release that improves the overall user experience, providing new workflows built on functional partitioning that align the product with the way network operators do their jobs. Once installed, out-of-the-box monitoring and troubleshooting dashboards provide actionable information to quickly isolate and fix network problems before they impact services. Configuring and deploying updates to the network has never been easier with the new Template Center which incorporates Validated Designs and links to download the latest configuration templates, simplifying platform and technology rollout and reducing the chance for errors. New Work Centers provide a single area where guided workflows give step-by-step instructions to help operators quickly provision, monitor, and manage new value-added technologies and solutions, such as EnergyWise, TrustSec/Identity, Auto Smartports, and Smart Install, all offered by <<PartnerName>>. For more information, please see: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps11200/ps11202/data_sheet_ c78-610760.pdf
1.8.11 Cisco Voice

1.8.11.1 Cisco UCS Manager
Cisco UCS Manager, available through <<PartnerName>>, provides unified, centralized, embedded management of all software and hardware components of Cisco UCS across multiple chassis and thousands of virtual machines. Cisco UCS Manager, offered by <<PartnerName>>, manages the entire Cisco UCS as a single logical entity through an intuitive GUI, a CLI, or an XML API. By enabling better automation of processes, Cisco UCS Manager, offered by <<PartnerName>>, allows data center managers to achieve greater agility and scale in their server operations while reducing complexity and risk. Cisco UCS Manager, available through <<PartnerName>>, provides flexible role- and policy-based management using service profiles and templates and facilitates
- 22 -
<<clientLogo>>
<<PartnerLogo>>
processes based on IT Infrastructure Library concepts. The crucial feature of Cisco UCS Manager, offered by <<PartnerName>>, is its use of service profiles to provision Cisco UCS resources. The service profile concept improves IT productivity and business agility. Now infrastructure can be provisioned in minutes instead of days, shifting ITs focus from maintenance to strategic initiatives. For more information, please see: http://www.cisco.com/en/US/prod/collateral/ps10265/ps10281/data_sheet_c78-520522.pdf
1.8.11.2 Cisco Unified IP Phones

With a comprehensive portfolio of industry-leading endpoint IP phone solutions, <<PartnerName>>, through Cisco technology, offers an endpoint for every organizational need, from the lobby to the executive suite, and for organizations of all sizes. Cisco Unified IP Phones, available through <<PartnerName>>, can help your business obtain the productivity-building capabilities of nextgeneration communications and collaboration, taking advantage of Cisco Unified Communications media servers, offered by <<PartnerName>>, to deliver an exceptional communications experience throughout your organization. Features, available through <<PartnerName>>, include:

Single- and multiline endpoints, supporting a range of communication needs from low to moderate to the most active environments A range of endpoints from basic to fully featured, enabling your organization to take advantage of robust Cisco Collaboration Solutions to meet your corporate objectives while remaining within your budget Support for video communications, on selected models, to reduce your travel costs and accelerate the speed of decision making in your organization Endpoints that support value-added services such as HD voice, high-resolution color display presentation, USB peripherals, Bluetooth, and a wide array of productivity-building applications PC-based multimedia applications that make it possible to obtain up to two hours of more productive work from every employee every day by bringing advanced unified communications capabilities to the desktop
For more information, please see: http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/prod_brochure0900aecd8 00f6d4a.pdf
1.8.12 Cisco WAN Optimization

1.8.12.1 Cisco WAE
The Cisco WAE platform, available through <<PartnerName>>, carries a portfolio of powerful, scalable network appliances that host Cisco WAN optimization and application acceleration solutions, also available through <<PartnerName>>. These solutions enable branch-office server consolidation and performance improvements for centralized applications and provide remote users with LAN-like access to applications, storage, and content across the WAN.
- 23 -
<<clientLogo>>
<<PartnerLogo>>
Cisco WAE appliances, available through <<PartnerName>>, provide a unified platform for hosting Cisco application acceleration and WAN optimization solutions, including Cisco WAAS Software, available through <<PartnerName>>. Features, available through <<PartnerName>>, include:

Improve employee productivity by enhancing the user experience for important business applications delivered over the WAN Reduce the cost of branch-office operations by centralizing IT resources in the data center and lowering the cost of WAN bandwidth Increase IT agility by reducing the time and resources required to deliver new IT services to the branch office Simplify branch-office data protection for regulatory compliance purposes
For more information, please see: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6474/product_data_sheet0900aecd8 0329e39.pdf
1.8.12.2 Cisco WAAS

Cisco WAAS, offered by <<PartnerName>>, is a powerful application acceleration and WAN optimization solution that optimizes the performance of any TCP-based application operating in a WAN environment. This optimization allows IT organizations to consolidate costly branch-office servers and storage in centrally managed data centers, and to deploy new applications directly from the data center, while still offering LAN-like application performance for remote users. Features, available through <<PartnerName>>, include:

Deliver centralized applications with LAN-like speed to remote users, while preserving visibility and branch security Consolidate costly branch-office servers, storage, and backup infrastructure in data centers while optimizing WAN bandwidth utilization Maximize regulatory compliance and data protection through consolidation of branch storage and acceleration of branch-office backup applications
For more information, please see: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_brochure0900aecd80692f 70.pdf
- 24 -
<<clientLogo>>
<<PartnerLogo>>
3
1.9 Services Overview
Services & Support Overview
<Provide additional information of your specific services portfolio.> Using a Lifecycle Services approach, Cisco PCI Professional Services, offered by <<PartnerName>>, provide planning, design, and optimization services to help increase business value and return on investment. Several of <<PartnerName>>s proposed services can also help you address PCI compliance concerns. In addition, Cisco Technical Services, offered by <<PartnerName>>, can cost-effectively maintain secure payment systems for customer-sensitive information while also improving operational efficiency. Based on best practices, Cisco Technical Services, offered by <<PartnerName>>, are designed to help accelerate the transition to an advanced payment architecture that optimizes performance, reliability, and security, and scales easily with growth.
1.10
Services Options
<List and provide links for each of your specific service components.>
1.10.1 Cisco PCI Compliance Professional Services

1.10.1.1 Cisco IT GRC Security Assessment Service
Cisco IT GRC Security Assessment Service, offered by <<PartnerName>>, works with customers to assess effectiveness of their security programs and processes, establish benchmark metrics, and map security technical controls to PCI requirements and other standards. For more information, please see: http://www.cisco.com/en/US/services/ps2961/ps2952/cisco_it_grc_ds.pdf
1.10.1.2 Cisco IT GRC Strategy Planning Service

Cisco IT GRC Strategy Planning Service, offered by <<PartnerName>>, helps benchmark security
- 25 -
<<clientLogo>>
<<PartnerLogo>>
programs against industry standards and best practices. They also identify organizational inefficiencies, misalignments, and redundancies that may be undermining success. For more information, please see: http://www.cisco.com/en/US/services/ps2961/ps2952/ps10372/grc_general.pdf
1.10.1.3 Cisco Security Posture Assessment Service (Internal and Perimeter)

To directly address PCI Requirement 11 for penetration testing, the Cisco Security Posture Assessment Service, offered by <<PartnerName>>, performs vulnerability and penetration tests on the customers perimeter and internal networks. The service discovers security weaknesses in the existing network by successfully gaining unauthorized access to the cardholder data environment and credit card information. For more information, please see: http://www.cisco.com/en/US/services/ps2961/ps2952/services_data_sheet0900aecd804277b1.pdf
1.10.1.4 Cisco Security Design and Implementation Service

Cisco Security Design and Implementation Service, offered by <<PartnerName>>, develops or refines the security architecture so that it adheres to compliance regulations and industry-leading practices and can provide implementation engineering consulting and support. For more information, please see: http://www.cisco.com/en/US/services/ps2961/ps2952/services_datasheet_securitypd.pdf
1.10.2 Cisco PCI Technical Services

1.10.2.1 Cisco SMARTnet Service
Your IT staff gains direct, anytime access to engineers and extensive resources to accelerate problem resolution, facilitate 24-hour business continuity, and improve operational efficiency. For more information, please see: http://www.cisco.com/en/US/services/ps2827/ps2978/services_data_sheet0900aecd8042571e.pdf
1.10.2.2 Cisco Smart Care Service

Partners can build a PCI offering based on Cisco Smart Care Service, offered by <<PartnerName>>, which enables businesses to proactively verify that networks are secure, reliable, and functioning optimally. For more information, please see: http://www.cisco.com/en/US/services/ps2827/ps7343/services_overview0900aecd80612791.pdf
1.10.2.3 Cisco Services for IPS

Cisco Services for IPS, offered by <<PartnerName>>, protects your intrusion prevention system with the most up-to-date information to defend against attacks from local and global threats. Cisco Services for IPS, available through <<PartnerName>>, not only helps reduce risk exposure, but also helps support the productivity of internal staff who are charged with maintaining security systems.
- 26 -
<<clientLogo>>
<<PartnerLogo>>
For more information, please see: http://www.cisco.com/en/US/services/ps2827/ps6076/services_data_sheet0900aecd8022e901.pdf
1.10.2.4 Cisco Remote Management Services for Security

Cisco RMS for Security, offered by <<PartnerName>>, provides 24/7/365 remote management, surveillance, monitoring, and remediation for networks to help protect against sophisticated attacks and new vulnerabilities. For more information, please see: http://www.cisco.com/en/US/services/ps6192/one_cisco_rms_security.pdf
1.11
Financial Options
<Provide the overview of any financing offers available for products mentioned in the solution section.>
- 27 -
<<clientLogo>>
<<PartnerLogo>>
4
1.12
Customer Benefits & Return on Investment

Customer Benefits
The Cisco PCI Solution for Retail 2.0, proposed by <<PartnerName>>, addresses many of the 12 PCI DSS requirements and helps retailers simplify their compliance strategies. It goes beyond just the requirements to provide comprehensive best practices for securing sensitive information. In addition, <<PartnerName>>s proposed Cisco PCI Solution for Retail 2.0 helps protect mobile applications and data. It also helps build a foundation for ongoing compliance, enhance your companys physical security and risk management, strengthen shopping security, and enable new business initiatives. Because <<PartnerName>>s proposed Cisco solution uses an architectural approach, you can reap benefits not found in a single-box approach. These benefits include:
Increased end-to-end compliance: <<PartnerName>>, through Cisco, has partnered with third-party PCI experts to help design and validate end-to-end solutions deployed across wired and wireless infrastructure to achieve PCI compliance. In contrast to wireless-only solutions that are not tested in parallel with the wired infrastructure, <<PartnerName>>s proposed Cisco solutions deliver seamlessly across the network to better protect cardholder data. As an important additional benefit, you have a single support model that minimizes the need to manage multiple vendors. Increased investment protection: The same <<PartnerName>> proposed solution that provides PCI compliance is also the solution that provides rich mobility solutions. Because <<PartnerName>>s proposed solution offers an architectural approach, when you want to move from a wired-only to wired and wireless operational model, you can do so simply by adding a few new components to your existing PCI solution. Because there is no need to design and implement a new solution, the investment you make today will continue to add value as the business model changes and adapts. This will increase the productivity of your employees and the applications they use. Improved efficiency in deploying PCI DSS updates: PCI compliance is updated on a three-year cycle, and new requirements are added or adjusted based on each cycle. Because <<PartnerName>>s proposed solution uses an architectural approach, you can be confident that when new standards are released, you can easily and cost-effectively maintain compliance by upgrading or updating only the solution components impacted by the new standards.
1.13
General Return on Investment / Business Impact
By combining industry-leading security features with an innovative network architecture approach, <<PartnerName>>s Cisco PCI DSS solution promotes greater IT efficiency, while reducing TCO. In addition, <<PartnerName>>s Cisco PCI DSS solution provides powerful security capabilities that effectively protect your mission-critical applications, servers, and end-user information.
- 28 -
<<clientLogo>>
<<PartnerLogo>>
The Cisco PCI DSS solution, proposed by <<PartnerName>>, can help <<client>> meet compliance standards as well as save money by offering:
Lower TCO: <<PartnerName>>s proposed Cisco solution uses an architectural approach to the network because we want you to be able to scale up efficiently. <<PartnerName>>s proposed solution provides both PCI compliance and rich mobility capabilities. This way, you can move to a wired and wireless operational mode more quickly because you only need to add a few new components to your existing system. Since you do not have to create a new design or implement a new system to move to wireless, <<PartnerName>>s proposed solution offers you a lower TCO for your PCI solution. Improved ROI: Because <<PartnerName>>s proposed Cisco technology is developed by third-party PCI experts in the industry, you can feel comfortable that your PCI DSS solution was designed and validated as an end-to-end solution. <<PartnerName>>s proposed solutions were tested in parallel with the wired infrastructure. In addition, <<PartnerName>>s proposed solution provides a single support model, so that you can minimize the time it take to manage multiple vendors. Both of these considerations add to improved ROI of <<PartnerName>>s proposed solution. Increased investment protection: The investment you make today will continue to add value as your business model changes. For example, when new PCI requirements are mandated in three years, you can cost-effectively maintain your compliance by updating only the components that have been impacted by the new standards. You will not need to design or implement a whole new network to deal with the changes. In addition, <<PartnerName>>s proposed PCI DSS solution offers capabilities to move your company from wired-only to wired and wireless with the purchase of a few additional components. Again, your investment is protected because <<PartnerName>>s proposed solution uses an architectural approach for network design including the PCI DSS solution.
- 29 -
<<clientLogo>>
<<PartnerLogo>>
Customer Proof Points
<Insert the latest customer case studies including challenges, solution, and business impact/benefit.>
- 30 -
<<clientLogo>>
<<PartnerLogo>>
Statement of Compliance
<Insert summary of compliance matrices or requirements response or remove this section as appropriate.>
- 31 -
<<clientLogo>>
<<PartnerLogo>>
Pricing
<Insert bill of materials (BOM)/pricing details, or remove this section as appropriate.>
- 32 -
<<clientLogo>>
<<PartnerLogo>>
8
1.14 Additional Information
Appendices
<Insert additional information or remove this section as appropriate.>
1.15
Acronym List
3G: third generation AAA: Authentication, Authorization, and Accounting ACE: Application Control Engine ACS: Access Control Server AES: Advanced Standard Encryption AmEx: American Express credit card AP: Access Point API: Application Programming Interface ASA: Adaptive Security Appliance ASR: Aggregation Services Router CapEx: Capital Expenditures CLI: Command-Line Interface CPS: Connections Per Second DCBA: Data Center Business Advantage DLP: Data Loss Prevention DSP: Digital Signal Processor DSS: Data Security Standard ELM: Enhanced Local Mode FIPS: Federal Information Processing Standard FWSM: Firewall Services Module Gbps: Gigabits per second GB: Gigabytes
- 33 -
<<clientLogo>>
<<PartnerLogo>>
GRC: Governance, Risk Management, and Compliance GSS: Global Site Selector GUI: Graphical User Interface HD: High Definition HIPAA: Health Insurance Portability and Accountability Act I/O: Input/Output ID: Identification IDS: Intrusion Detection System IDSM: Intrusion Detection System Services Modules IEEE: Institute of Electrical and Electronics Engineers IOS: Internetwork Operating System IP: Internet Protocol IPS: Intrusion Protection System ISR: Integrated Services Router ISR G2: Integrated Services Router Generation 2 ISSU: In-Service Software Upgrade IT: Information Technology JCB: Japans largest credit card retailer, a joint partner with Discover card LAN: Local Area Network LMS: LAN Management System MARS: Monitoring, Analysis, and Response System Mbps: Megabits per second MC: MasterCard MDS: Multilayer Director Switch MMS: Multiservice Multilayer Switch MPEG: Motion Picture Experts Group MSE: Mobility Services Engine MSM: Multiservice Module
- 34 -
<<clientLogo>>
<<PartnerLogo>>
MSP: Multiservices Platform NAC: Network Admission Control NBAR: Network-based Application Recognition OpEx: Operating Expenses PC: Personal Computer PCI: Payment Card Industry PIX: Private Internet eXchange PoE: Power over Ethernet POS: Point Of Sale QoS: Quality of Service QSA: Quality Security Assessors RADIUS: Remote Authentication Dial In User Service RF: Radio Frequency RMS: Remote Management Services ROI: Return on Investment RU: Rack Unit SAN: Storage Area Network SEC: Security SME: Storage Media Encryption SNMP: Simple Network Management Protocol SSH: Secure Shell TACACS+: Terminal Access Controller Access Control System Plus Tbps: Terabits per second TCO: Total Cost of Ownership TCP: Transmission Control Protocol Telnet: Terminal over network UCS: Unified Computing System URL: Uniform Resource Locator, address of a web page
- 35 -
<<clientLogo>>
<<PartnerLogo>>
USB: Universal Serial Bus VoIP: Voice over IP VPN: Virtual Private Network VSEC: Virtual Security VSG: Virtual Security Gateway VSOM: Video Surveillance Operations Manager WAAS: Wide Area Application Services WAE: Wide Area Application Engine WAN: Wide Area Network WCS: Wireless Control System wIPS: Wireless Intrusion Prevention Systems WLAN: Wireless LAN XML: Extensible Markup Language
- 36 -

Pci Dss Partner Ec TDM Proposal

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pci Dss Partner Ec TDM Proposal

Uploaded by

Copyright:

Available Formats

<<PartnerLogo>>

Payment Card Industry Data Security Standard Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

PCI DSS requirements three and four.

Payment Card Industry Data Security Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

<Insert the current testimonials as available.>

Payment Card Industry Data Security Partner/Reseller Version

Payment Card Industry Data Security Partner/Reseller Version

1.8.1.1 Cisco ISR

For more information, please see: http://www.cisco.com/en/US/products/ps10906/Products_Sub_Category_Home.html

Cisco ISR G2 SEC and VSEC Bundles

Payment Card Industry Data Security Partner/Reseller Version

For more information, please see: http://www.cisco.com/en/US/prod/collateral/routers/ps10538/aag_c45_556315.pdf

1.8.2.1 Cisco ASR

For more information, please see: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.pdf

1.8.3.1 Cisco Catalyst Series Switches

For more information, please see: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/ps713/aag_c45_484784_v1.pdf

Payment Card Industry Data Security Partner/Reseller Version

1.8.3.2 Cisco Nexus 1000V Series Switches

1.8.3.3 Cisco Nexus 5000 and 7000 Series Switches

1.8.3.4 Cisco ACE Family

Payment Card Industry Data Security Partner/Reseller Version

1.8.3.5 Cisco MDS Switch with SME

Cisco Network Security

1.8.4.1 Cisco ASA

Content security capabilities Threat-protected VPN

Payment Card Industry Data Security Partner/Reseller Version

For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet090 0aecd802930c5.html

1.8.4.2 Cisco IronPort Email Security Application

1.8.4.3 Cisco NAC

For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet090 0aecd802da1b5.pdf

1.8.4.4 Cisco AnyConnect VPN

Payment Card Industry Data Security Partner/Reseller Version

For more information, please see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78527494.pdf

1.8.4.5 Cisco FWSM

1.8.4.6 Cisco IDSM

For more information, please see: http://www.cisco.com/application/pdf/en/us/guest/products/ps5058/c1650/ccmigration_09186a00801e 55dd.pdf

1.8.4.7 Cisco IPS Appliance

Payment Card Industry Data Security Partner/Reseller Version

1.8.4.8 Cisco Nexus VSG

For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11208/data_sheet_c78-618244.pdf

1.8.4.9 Cisco IOS Firewall

Payment Card Industry Data Security Partner/Reseller Version

1.8.4.10 Cisco IOS IPS

1.8.4.11 Cisco Secure ACS

For more information, please see: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/data_sheet_c78614584.pdf

Payment Card Industry Data Security Partner/Reseller Version

1.8.5.1 Cisco 802.11n Access Points

For more information, please see: http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/at_a_glance_c45-636090.pdf

1.8.5.2 Cisco Wireless LAN Controllers

Payment Card Industry Data Security Partner/Reseller Version

For more information, please see: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/at_a_glance_c45-652653.pdf

For more information, please see: http://www.cisco.com/en/US/partner/prod/collateral/wireless/ps9733/ps9742/data_sheet_c78475378.html

Payment Card Industry Data Security Partner/Reseller Version

Figure 1: The MSE Architecture

Cisco Adaptive wIPS with ELM

Payment Card Industry Data Security Partner/Reseller Version

Figure 2: Cisco Adaptive wIPS System Overview

1.8.7.1 Cisco Security Agent