Home
User Guide
The information contained in this section applies to IBM WebSphere Commerce Version 7.0.0.9 and Feautre Pack 8. The documentation also applies to all subsequent releases and modifications until otherwise indicated in new editions.
Compliance
The following section describes how you can leverage WebSphere Commerce features and functionality to help your site be compliant with different privacy and security standards.
WebSphere Commerce and the PCI Data Security Standard
Addressing the PCI Data Security Standard within WebSphere Commerce
The following topics deal with each of the detailed requirements that pertain to WebSphere Commerce. Some of the requirements are directly related to the WebSphere Commerce software package. Other requirements are unrelated, or indirectly relate to the WebSphere Commerce software package. For example, indirect requirements can affect your use of the operating system security features to secure WebSphere Commerce files.
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Although antivirus software is outside the scope of WebSphere Commerce, protecting your servers and network from malicious software should always be a priority for a responsible network administrator. WebSphere Commerce is designed, developed and tested on systems running antivirus software.

WebSphere Commerce on premise not applicable for Commerce on Cloud offering

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Although antivirus software is outside the scope of WebSphere Commerce, protecting your servers and network from malicious software should always be a priority for a responsible network administrator. WebSphere Commerce is designed, developed and tested on systems running antivirus software.

Note: During the WebSphere Commerce installation process, you may need to temporarily disable your antivirus software. Ensure you re-enable it before the system is connected to a production environment or begins handling customer data.

Refer directly to the PCI DSS for details on this requirement.