PCI-DSS Compliance
PCI-DSS is an information security standard for payment card applications, therefore your application that is executed with JobScheduler has to be certified.
JobScheduler includes YADE, a file transfer tool, that can be used to fulfill PCI-DSS compliance, it allows
- secure transfer with e.g. FTPS, SFTP, WebDAV protocols across networks and
- insecure transfer with e.g. FTP, HTTP protocols.
JobScheduler complies with the PCI-DSS Requirements 3 and 4:
- Requirement 3: Protect stored cardholder data.
- Consider Using a Credential Store for Jobs to protect credentials in a secure store.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- You can use any of the above mentioned secure protocols with YADE.
- JobScheduler creates the job history and and job logs in a database for auditing and reporting purposes.
Generally you should follow the guidelines from JobScheduler Secure Operation article to comply with PCI-DSS rules.
SOX Compliance
Concerning SOX compliance you can run an application with JobScheduler by providing a secure configuration and protocols (see above) and by use of encrypted and signed files with your application.
The JOC Cockpit - File Transfer History provides a detailed history to comply with SOX requirements.
HIPAA Compliance
Concerning HIPAA compliance and file transfers the YADE is a transient service, i.e. YADE does not store files permanently in intermediate locations, see YADE Implementation Architecture and Server-to-Server file transfer without touchdown. Therefore, for a transient file transfer service as YADE that implements PCI-DSS compliance and SOX compliance it should be possible to certify your application.