• Is it necessary to implement a proxy to provide Internet output?

    Hi, if I have internet contact on my POS (a certain internet IP address), no downloads, cellphone recharges, etc., and it is behind a firewall, my question is: if I have the firewall, is it necessary to implement a proxy in order to provide internet output and still be in compliance with PCI?

    IsrBla
  • Role of QIR

    If someone is a QIR and they are going to install the certified payment application at a merchant site, but find that the merchant is running a non-compliant OS, then doesn't the QIR have to stop the install or proceed to perform the install but note that it was not installed per the applications...

    kbrown19135
  • How does SSL decryption affect PCI DSS compliance when data gets decrypted?

    I would tend to think that decrypted transactions are against PCI DSS - am I wrong on this? What would be a good example of correct use of an SSL decryption system which would not violate the PCI DSS requirements? Thanks for answers!

    krejpsky
  • Can PCI DSS meet HIPAA requirements?

    Can PCI DSS meet the Health Care Industry's HIPAA requirements?

    syedzafer
  • Password policies on Google Compute Platform for PCI DSS compliance

    Would there happen to be a way to set password policies for accounts on Google Compute Platform? I'm trying to meet PCI DSS requirements. I need to include expiring passwords every four months or so, password strength and preventing re-use of passwords. Thanks!

    ITKE
  • Key management for PCI DSS compliance

    Sorry for the short question, but does anyone have any experience with a scheme that implements key management that complies with PCI DSS security standards? Thanks so much!

    ITKE
  • PCI compliance for my payment gateway

    I've been thinking about using eWay for my payment gateway. But it offers two options: a user can either type in their credit card information on the hosted website, or they can use my own form / send the data through my server to the back end. I'm leaning towards using the second option. I spoke to...

    ITKE
  • PCI DSS restrictions for source code repository management

    Are there any restrictions when it comes to source code repository management under PCI DSS? This is related to our credit card processing service for clients. Thanks!

    ITKE
  • How to make my website PCI compliant

    Here's what I have: I'm using a payment gateway for my website, so I provide my own credit card details form and send the data to the back end through XML. Do I need to worry about PCI compliance? As long as my website is on SSL, I don't have to worry, right? Thanks!

    ITKE
  • DDoS mitigation for Windows Server 2008 R2

    We are doing our PCI compliance scans and our Windows Server 2008 R2 was hit by a Nessus Plugin ID. Should I be worried? It has DDoS in the title so that scares me. Here's what it says: Plugin ID: 35450 Name: DNS Server Spoofed Request Amplification DDoS Synopsis: The remote DNS server could be...

    ITKE
  • Would psexec cause a failure in a PCI DSS compliance scan?

    I'm hoping someone can shed some light on my question: Would psexec cause a failure in a PCI DSS compliance scan? I've been told that it can't be used by administrators in the CDE. Thanks so much.

    ITKE
  • Get SMTP Port 25 to be PCI compliant

    We're running a PCI compliance scan on our server and it keeps failing on port 25 with this message: SSL Server Supports Weak Encryption nCircle ID: 6174 Port: 25 CVSS Score: 5.8 Not Compliant Description The SSL (Secure Socket Layer) Server supports weak encryption keys, which are defined as...

    ITKE
  • PCI scan failure for SSL certificate

    We did a PCI scan for one of our clients and it says they failed due to the SSL certificate, for SMTP Port 25, not matching the domain scanned. Here's what it said: Description: SSL Certificate with Wrong Hostname Synopsis: The SSL certificate for this service is for a different host. Impact: The...

    ITKE
  • AWS: PCI DSS – file integrity monitoring

    I have to deploy some file integrity monitoring / intrusion detection software on our AWS instances. We wanted to use OSSEC but we realized it doesn't work well in our environment (our servers auto deploy and shut down based on load). What should we use that covers PCI DSS on AWS (hopefully it's...

    ITKE
  • Timeout SSH sessions after inactivity for PCI compliance

    For PCI DSS requirements, if a session is idle for more than 15 minutes, the user will have to re-authenticate to re-activate the terminal or session. So, because of this, we had to deal with SSH sessions that are idling at the bash prompt by enforcing a global $TMOUT of 900. But we realized that...

    ITKE
  • Is there a payment gateway that doesn’t require PCI compliance?

    Recently, I've been looking to use Authorize.NET (CIM and DPM solutions). However, we can't reference a CIM profile in the DPM. Basically, I need to become PCI compliant because this handles credit cards. Here's my question: Is there something similar to Authorize.NET that allows our site to never...

    ITKE
  • Apache SSLCipherSuite continues to fail in PCI compliance scan

    We have a Fedora server that's running on Apache to pass a PCI DSS compliance scan by McAfee. Here's what we used for the default SSLCipherSuite and SSLProtocol. SSLProtocol ALL -SSLv2 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP So it failed because of weak ciphers. We changed it...

    ITKE
  • PCI compliance: Disable AUTH on Port 25

    Due to PCI compliance, we have to disable plaintext authentication. We were able to do this through encapsulating communications between our mail server and clients with TLS on port 465. Here's where the problem is: Port 25 has to remain open / unencrypted for us to receive mail, but it shouldn't...

    ITKE
  • Should I worry about my POS system terminal for PCI compliance?

    I've been getting into PCI DSS lately (because my organization asked me to). Our company accepts payments using a POS terminal that's connected to the Internet through the office LAN. Our terminal isn't integrated with any payment processing apps, just paper receipts. Should I worry about PCI...

    ITKE
  • PCI DSS: Enforce password management for ASP.NET

    I've been working on our PCI DSS assessment. I already know that passwords must be changed every 90 days / different than previous passwords. But I'm not sure if this is for access to the server or to the app we provide to users on the server. If it's the second part, can we enforce this in ASP.NET...

    ITKE