Your browser does not allow storing cookies. We recommend enabling them.

SSH Communications Security Launches Auditor and Compliance Education Program


Program Delivers Tools and Education to Enhance Access Controls and Encrypted Channel Monitoring to PCI, SOX and FISMA Compliance Professionals

HELSINKI, Finland and WALTHAM, Mass. – SSH Communications Security, known the world over as the inventor of the ubiquitous Secure Shell and SFTP protocols, today announced the launch of its new Auditor and Compliance Education (ACE) Program, designed to help audit and compliance professionals implement new PCI-DSS and other compliance requirements relating to access controls and monitoring of encrypted networks.

Key News Facts

  • With the launch of the ACE Program, SSH Communications Security is expanding its longstanding commitment to help enterprises reduce risk by providing free tools and resources, often through partnerships with compliance bodies.
  • The newest changes to PCI-DSS will mandate controls over Secure Shell-enabled system access.
  • SSH Communications Security has been working with NIST on an intergovernmental report concerning access controls to Secure Shell environment, which will ultimately impact FISMA checklists.
  • The Monetary Authority of Singapore recently strengthened its network access controls and continuous monitoring requirements that govern financial institutions operating in Singapore which, due to its status as one of Asia’s premier banking hubs, impacts many of world’s largest banks and related business partners.
  • Other compliance standards, such as SOX, HIPAA and NERC/FERC, also mandate that organizations control who has access to what information within their networks.

For more information on SSH’s Auditor and Compliance Program please visit

Supporting Quotes

Tatu Ylönen, CEO and founder of SSH Communications Security, said:

“Historically, a lack of specific instructions, testing requirements or awareness has left most enterprises with significant gaps in their risk and compliance postures. Most major compliance regulations currently only refer in general terms to access controls and monitoring of encrypted networks. Over the past two years, we have been working directly with major compliance bodies to bolster the current compliance framework with language tailored to protect the machine-to-machine connections that make up nearly 90 percent of the network environment.”

Jonathan Lewis, director of product marketing and ACE program manager, SSH Communications Security, said:

“Secure Shell is often overlooked in compliance audits, typically because many auditors lack tools and methods to test for specific Secure Shell compliance issues. With the launch of our free SSH Risk Assessor tool, we have provided auditors with the means to discover the scope of risk found in poorly-managed Secure Shell environments. Our expanded educational offerings and outreach now provide additional support to professionals working in the front lines of audit, compliance and security.”

About SSH Communications Security

Founded in 1995, SSH Communications Security is the company that invented the SSH protocol - the gold standard protocol for data-in-transit security solutions. Today, over 3,000 customers across the globe - including seven of the Fortune 10 - trust our Information Assurance Platform to secure the path to their information assets. We enable and enhance business for thousands of customers in multiple industries in the private and public sectors around the world. A fast-growing company, SSH Communications Security operates in the Americas, Europe, and APAC regions, with headquarters located in Helsinki, Finland. The company shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now