Anthony Noblett

Loveland, Colorado, United States
13K followers 500+ connections

About

Experienced CISO and Cyber Security professional assisting startups with management…

Experience

  • Freelance

  • -

    Greater Denver Area, Virtual

  • -

    Fort Collins, Colorado Area

  • -

    Plano TX, Northern VA, St Paul MN, and others

  • -

    Broomfield Colorado

  • -

    Greater Seattle Area

  • -

    Roseland NJ, Chicago IL, Seattle WA

  • -

    Greater Seattle Area, Virtual

  • -

    Greater Boston Area

  • -

    Greater Denver Area

  • -

    Greater Denver Area

  • -

    Greater Denver Area

  • -

    Greater Seattle Area

Education

  • Regis University

    -

    -

    Activities and Societies: Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); Certified in Governance of Enterprise IT (CGEIT); Large contract negotiations • Honeywell/Price Waterhouse; Managing the Media • Microlithics/Coors; Proposal Development and Management • Boeing

Licenses & Certifications

Volunteer Experience

  • Fire Chief

    Boulder Mountain Fire Authority

    - 8 years 1 month

    Disaster and Humanitarian Relief

  • Tech Volunteer

    South West English Setter Rescue

    - Present 1 year 9 months

    Animal Welfare

  • Technical Lead

    The UNION

    - 2 years 6 months

    Politics

Publications

  • SDL and PCI DSS/PA-DSS - Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity

    Microsoft

    This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). PCI DSS is an industry-accepted standard authored and approved by the PCI Security Standards Council (PCI SSC). The PCI DSS includes several requirements that align closely with SDL practices. In addition, PA-DSS also mandates SDL-like controls for licensed or distributed third-party applications. Two primary scenarios where software security intersects with the PCI DSS and PA-DSS requirements are addressed in this paper—the development of new payment card software and the integration of payment card software into existing systems. The goal of the paper is to show business decision makers, systems integrators, and development organizations where existing PCI DSS compliance activities and SDL practices intersect in ways that may help them realize time, resource, or process efficiencies.
  • SDL and HIPAA - Aligning Microsoft SDL Security Practices with the HIPAA Security Rule

    Microsoft

    The purpose of this paper is to describe how the Microsoft Security Development Lifecycle (SDL) can help organizations comply with some requirements of the administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA), including the Security Standards for Protecting Electronic Protected Health Information (HIPAA Security Rule) and the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), as well as the American Recovery and Reinvestment Act of 2009 (ARRA), particularly Title XIII of ARRA, called the Health Information Technology (HIT) for Economic and Clinical Health (HITECH) Act. This paper attempts to present how SDL practices and HIPAA requirements intersect in very practical ways by using two common scenarios in the healthcare software ecosystem:

      • Developing new software.
      • Integrating new software modules or interfaces for a medical environment.

    The expected audiences for this paper are business decision-makers, compliance managers, software developers, IT consultants, and systems integrators who are working within or on behalf of organizations that must meet HIPAA compliance requirements.
  • Microsoft Security Compliance Manager

    Microsoft

    The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using Group Policy and Microsoft System Center Configuration Manager.
    SCM provides ready-to-deploy policies and DCM configuration packs based on Microsoft security guide recommendations and industry best practices, allowing you to easily manage configuration drift and address compliance requirements for Windows operating systems, Office applications, and other Microsoft applications.
    Now you can easily configure computers running Windows Server 2012, Windows 8, Microsoft Office applications, and Windows Internet Explorer 10 with industry-leading knowledge and fully supported tools. In addition to the latest software releases, you can also configure previous editions of Windows Server and Microsoft Office.
  • IT Infrastructure Threat Modeling Guide

    Microsoft

    The IT Infrastructure Threat Modeling Guide provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology that exists for Microsoft Security Development Lifecycle (SDL) threat modeling and uses it to establish a threat modeling process for IT infrastructure.
  • System Center Process Pack for IT GRC

    Microsoft

    Deeply integrated with Service Manager, the Process Pack for IT GRC translates complex regulations and standards into authoritative control objectives and control activities for your IT organization’s compliance program. The process pack is designed to help customers understand and bind complex business objectives to their Microsoft infrastructure in an operationally efficient manner.
  • Microsoft Operations Framework 4.0

    Microsoft

    Microsoft Operations Framework (MOF) 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services. It encompasses the entire IT lifecycle by integrating:
      • Community-generated processes for planning, delivering, operating, and managing IT.
      • Governance, risk, and compliance activities.
      • Management reviews.
      • Microsoft Solutions Framework (MSF) best practices.

Languages

  • English

    Native or bilingual proficiency

Organizations

  • South West English Setter Rescue

    Volunteer

    - Present
  • SAGE part of the Innosphere

    Volunteer

    - Present

    Volunteer for early stage companies
