How soon is PCI scan required on new application?

5 pts.
Tags:
New Hardware
PCI compliance
Hello,

The larger team I work in is about to release a new ecommerce website that allows the secure storage and usage of personal and corporate credit cards. As far as system components go, the payment card info. is stored securely in Oracle and the DB itself is in the private network behind a special PCI-related firewall. Still, this application comes under PCI compliance regulations. What is required as far as the timings on when the initial scan is required with this application - is it needed before go-live, or some time after i.e. "90 days"? I don't think the team here is considering security testing in their final efforts.

Rich



Software/Hardware used:
IBM Portal, IBM Commerce, Oracle Database, Sun hardware

Answer Wiki

Thanks. We'll let you know when a new response is added.

I’d do it as soon as you reasonably can. The <a href=”https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf”>PCI DSS regulation itself</a> outlines pretty much everything you need to know. Here are some <a href=”http://securityonwheels.blogspot.com/search/label/pci%20dss”>PCI DSS tips</a> I’ve written that may be of benefit as well.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following