PCI Compliance

Looking into the PCI DSS stuff from a VAR perspective. Anyone into it? Any certified QSAs here?

Currently in the process, I just need to do the network stuff and it's hell. It demands things there's no technical need for (and I mean no technical need, stupid, idiotic stuff like requiring physically separate firewalls and not accepting virtual separation into VRFs as adequate despite it being logically EXACTLY the same).

I mean I understand the need for the standard and it'll give us a nice edge having the service provider certification, but some of it is just window dressing which serves no useful or logical purpose. If you need PCI for business reasons then there's no real alternative, but don't confuse its requirements with a cheaper and better solution that's every bit as secure.
 

Things like this drive me nuts, got a similar issue at my place with virtualising some DMZ machines.

Don't know anything about PCI however :) Although I was on some Qualys course last week and it kept banging on about the PCI scan module.
 