Updated: Sep 24, 2018
September 18 | 2018
No matter its size, every business operates in a regulated environment. If your business handles customer credit cards or personally identifiable information, you may be subject to domestic and international regulations such as PCI and the GDPR. This whitepaper provides an overview of the data-at-rest and data-in-flight encryption features in TrueNAS that help your business stay compliant.
The TrueNAS Privacy and Security Compliance Features white paper is here to help decision makers quickly reference key TrueNAS features with industry-specific regulations that often carry stiff penalties for compliance failures. The broadest of these regulations, the Payment Card Industry Data Security Standard (PCI DSS), applies to any business that handles customer credit cards and mandates their encrypted storage. To help meet this requirement, TrueNAS provides software and hardware-level encryption with integrated key management.
To meet the global obligations of the European Union General Data Protection Regulation (GDPR), TrueNAS offers dataset-level user separation that extends throughout the replication process. With appropriate planning, complying with a user’s “right to be forgotten” can be as simple as deleting their dedicated dataset and its replicas.
To meet the requirements of the medical industry, such as HIPAA and ePHI, TrueNAS adds continuous data integrity validation, data-at-rest and in-flight encryption, and immutable snapshots to mitigate data tampering. For increased encryption performance, TrueNAS also offers TCG OPAL 2.0/AES 256-bit Self-Encrypting Drives (SEDs) and optional FIPS 140-2-compliant SEDs for military-grade data-at-rest protection.
Download the TrueNAS Privacy and Security Compliance Features white paper to learn more about how TrueNAS can play a key role in your regulation compliance strategy. Contact us at firstname.lastname@example.org, 01536 316870 to discuss your compliance needs with one of our Solutions Architects.