[CentOS] Recommendation for a Good Vulnerability Scanning Service?
Ian Forde
ianforde at gmail.com
Sun Feb 20 23:58:35 UTC 2011
On Fri, 2011-02-18 at 15:09 -0500, Michael B Allen wrote:
> Are you talking about the SAQC? I run all CC transactions through one
> CentOS VPS webserver (actually I have two servers that I periodically
> wipe out and alternate between every year or two). So I don't have POS
> terminals or any Windows PCs in the mix. We don't save any card holder
> data at all. So my SAQC was a breeze. I just had to add N/A for
> questions like the "do you run anti-virus software" and explain that
> everything goes through the one Linux machine for which no anti-virus
> software exists or is necessary.

You're going to want to go to www.pcisecuritystandards.org for the full scoop. I'd advise you to have your counsel examine the PCI DSS documents.

IANAL, but I recall from version 2.0 of the doc found at https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (click-through agreement required) that, and I quote from page 7: "PCI DSS applies wherever account data is stored, processed or transmitted".

So it's not about saving data per se. Just the act of having it transmitted to your systems may (again, IANAL) make PCI DSS apply.

I've been dealing with PCI Compliance at work for a few years. It's not really something you want to skimp through, as the fines can be quite severe when things go wrong. As I said, you may want to talk to your lawyer...

-I