Financial Transaction Manager security

Security standards are intended to help you protect personally identifiable information (PII) and sensitive personal information (SPI). Depending on the types of data you process and the countries that you operate in, multiple standards might apply.

Examples of security standards are shown in the following list:
  • International Organization for Standardization (ISO) 27002 standard
  • Federal Information Security Management Act (FISMA)
  • National Institute of Standards and Technology - NIST 800-53a
  • Federal Financial Institutions Examination Council (FFIEC)
  • Payment Card Industry (PCI)
  • General Data Protection Regulation (GDPR)
  • Your own internal standards

Generally, these standards cover areas from security best practices to compliance requirements to how to handle data. These requirements, for example, can be about operational controls, human resource security, configuration, and auditing.

Because of the complexity and overlapping areas of the different standards, no direct mapping between a specific standard and this security information for Financial Transaction Manager exists. This security information relates to components and features of Financial Transaction Manager, such as the Operations and Administration Console. It also relates to other security concerns that might affect Financial Transaction Manager, such as WebSphere® Application Server security. Other areas that are not related to Financial Transaction Manager, such as security incident response processes or physical environmental security, are not included in this information.

This security information is organized based on the following high-level categories that might apply to your security requirements. Many of the security concepts within this information overlap and don't necessarily belong to a single category.
Access control
    Access control involves authentication and authorization.
Infrastructure
    Infrastructure includes securing the middleware and the communications.
Data storage
    Data storage includes protecting the data in the database and on the file system.
Monitoring
    Monitoring is a way to ensure that your security is working. You might want to monitor the audit, system, and component logs.

The following topics first provide an overview of personal information in Financial Transaction Manager and of each of the high-level categories. The overview topics are followed by topics about the security information for the different middleware and components that are used by Financial Transaction Manager.