How soon is PCI scan required on new application?
Hello,

The larger team I work in is about to release a new ecommerce website that allows the secure storage and usage of personal and corporate credit cards. As far as system components go, the payment card information is stored securely in Oracle, and the DB itself is in the private network behind a special PCI-related firewall. Still, this application comes under PCI compliance regulations. What is required as far as the timing of when the initial scan is required for this application: is it needed before go-live, or some time after, i.e. "90 days"? I don't think the team here is considering security testing in their final efforts.

Rich

Software/Hardware used:
IBM Portal, IBM Commerce, Oracle Database, Sun hardware
ASKED: March 30, 2010  11:48 PM
UPDATED: April 1, 2010  12:29 AM

Answer Wiki:
I'd do it as soon as you reasonably can. The <a href="https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf">PCI DSS regulation itself</a> outlines pretty much everything you need to know. Here are some <a href="http://securityonwheels.blogspot.com/search/label/pci%20dss">PCI DSS tips</a> I've written that may be of benefit as well.
Last Wiki Answer Submitted:  April 1, 2010  12:29 am  by  KevinBeaver   10,840 pts.
