PCI DSS Q&A

  1. Non-console RDP access for Windows systems
  2. PCI Compliant Fax Solutions (9.6: 3.1, 3.3, 3.4, 4.1, 4.2, 12.8.1, 12.8.2)
  3. PAN Last 10 Digits
  4. Fake CA cert created using MD5 collisions
  5. PCI Security Standards Council Reference #022007249
  6. Bluetooth Encryption
  7. Visa Gas Pump Deadline
  8. File encryption solution.
  9. Encryption and Key Management solution
  10. PCI DSS 6.3.2 Clarification
  11. PCI Standards Presentations
  12. Help desk access to webserver across the Internet.
  13. POS terminals vs vulnerability scan
  14. Scoping Question - DMZ
  15. Question of Scope
  16. PCI DSS in Saudi Arabia
  17. Scope of scan
  18. Shared Hosting and PCI DSS
  19. PCI DSS 12.3.4: Interpretation of device
  20. Scope Creep?
  21. Mandatory On-Site Data Center Visits?
  22. Questions about PCI documentation/reporting
  23. Questions about encryption of customer data on consultant's laptops
  24. Questions about 2 ASV requirements
  25. Basic PCI question
  26. SSL v2 or V3
  27. Software piracy
  28. PCI DSS req. 3.3
  29. Determining Merchant level
  30. Complete 3rd Party Outsourcing
  31. Disaster recovery plan
  32. Internal Scan Scoping and Procedures Question
  33. ASV Scans: ICMP ECHO compliant or not?
  34. PCI DSS req.9.2
  35. Threat from Keyloggers
  36. Procedure for unmasking PANs
  37. PCI Scope for Issuer Banks
  38. PGP Passphrase storage & usage
  39. 5.2 - "actively running"
  40. v1.2: remediation requirements for application vulnerabilities?
  41. Internal and external
  42. Cardholder Data Clarification
  43. Submission of documents with IP addresses
  44. PCI DSS China?
  45. Conglomerates, subsidiaries, and acquirers
  46. How can I get started?
  47. Acquirer scans
  48. Contracted Vendors and 12.8
  49. Shared Hosting - Getting started with PCI
  50. What is the difference between the Service code and the CID, CAV2, CVC2 and CVV2????
  51. ...and what exactly is the "Service Code" used for??
  52. What about an application that "phones home"?
  53. PA-DSS and July 2010
  54. Retailer Phishing Scam
  55. Verizon Broadband card PCI compliant?
  56. Hardest Thing About PCI DSS?
  57. Question of outsourcing payment processing
  58. Vendors Running CCs over Your Network
  59. PCI DSS is FUN!! (Compliance from scratch)
  60. Legacy Code Platform Compliance?
  61. Unattended POS terminals
  62. Grocery chain and wireless ordering questions
  63. I need advice on a 2 factor authentication system
  64. Code Review or Web Application Firewall
  65. POS scoping question
  66. Production vs. Test
  67. Mag Stripe Reader Compliance
  68. Non-applicability of external scanning
  69. Voice Data!
  70. "No Impact Change Report" for Versioning?
  71. PCI DSS Antivirus Replacement
  72. Recovering the Cost of Compliance from Customers
  73. Domain Controller & FileShare Server
  74. Removing WEP networks from Scope?
  75. In or out of scope?
  76. Workstation Scoping!
  77. What is a Certificate of Compliance?
  78. Individual Card Brand Operating Regulations - SAD retention pre authorisation
  79. Scope of Compliance
  80. Contrasting PED/EPP with MSR Requirements?
  81. PCI Documentations
  82. PCI DSS and Citrix
  83. SNMP v2
  84. SNMP community string changes
  85. Published Versioning Issue, maybe...
  86. Log Data and Use of UDP
  87. Insuring against potential PCI related liability
  88. Req. 9.7.1 media classification
  89. MQ series and PCI Compliance
  90. Can we give "Trace" Files to a PCI DSS Compliant software developer?
  91. Can a Service Provider also be a Shared Hosting Provider?
  92. What does it take to become a ASV
  93. HomeATM: First Ever Web PCI 2.0 PED Cert
  94. Minimizing scope
  95. Physical security
  96. E2E Encryption Prescription Is Bad Medicine
  97. Encrypted transmission of cardholder data
  98. Acting as an agent for a merchant
  99. AJAX, Web services and PCI
  100. iPhone App and PCI
  101. Deciding which SAQ with Microsoft RMS
  102. Question on Enterprise Admin access...
  103. Is Heartland/WorldPay Suspect in Custody?
  104. Encrypted cardholder data is NOT cardholder data !!??
  105. 10.2.1 - All individual accesses to cardholder data
  106. Flat network
  107. Who should see your SAQ?
  108. scan validation requirement
  109. Exception Processing and PCI Requirements
  110. PCI Services
  111. Confusion/Conflict Resolution
  112. Payment Card Industry Swallows Its Own Tail
  113. PCI SSC Member QSA Training
  114. I need advice
  115. Need Help on Finding Good Payments Industry Resources
  116. Is "Cards & Payments" a good resource?
  117. Getting Exceptions from Acquirer?
  118. PCI DSS req. 4.1
  119. Call Recording and Screen Scraping
  120. Acquirer/Issuer banks
  121. Quarterly scans necessary?
  122. Service Provider with limited access to card data
  123. CVV and mail order
  124. PCI DSS Requirement 10: Track and monitor all access to network resources and cardhol
  125. IBM z/OS Mainframe and EAL-5
  126. Can a Level 2,3,4 Merchant get a Level 1 PCI Report on Compliance??
  127. Retrieve Customer PIN
  128. What can be done on the workstation?
  129. PAN in emails
  130. Drivers License and SSNs?
  131. AIX server hardening
  132. Replacing ATMs for PCI Compliance
  133. Antivirus on Linux, really?
  134. Security Awareness Acknowledgment
  135. Requirement 1.0 & 1.1 Scope
  136. 6.5 development process
  137. Patch Testing Compensating Control
  138. Visa mandate June 2009 CVC Required
  139. AV software
  140. Advice with Requirement 2.3 on Suse Linux (AS400 LPAR) Power Series??
  141. Unique ID/Passwords (8.5.8 & 8.5.16)
  142. Scan requirement related to a mainframe
  143. 6.3.4 Sanitizing Live Data
  144. 1.3.3 - outbound traffic from the cardholder data environment
  145. Link to PayPal
  146. Encryption required for partial cardholder data
  147. Requirement 7.1
  148. Reducing scope to web servers
  149. Walmart commentary
  150. req 12.5.5
  151. 11.1 - How do you use wired analysis tools effectively w/wireless analysis tools
  152. Reporting Requirement For PCI DSS
  153. Rigid Dates for Future Compliance
  154. Definition Request
  155. Insurance Against Breach Exposure
  156. Yet another scoping question
  157. level 2 or level 4?
  158. PCI DSS Remediation Output
  159. PCI DSS and Business Continuity
  160. “Incident Response Plan”
  161. 2-factor logins not required if...
  162. 1.1.2 Current network diagram.
  163. Hosted Websites - Merchant Compliance Requirements
  164. Scoping laptops
  165. 11.4 IPS/IDS What is needed on large network
  166. Small Business Server 2003
  167. section 3.6 - key management
  168. Outbound Connection Question
  169. In scope or not in scope that is the question..
  170. iSeries & LPARs
  171. Req 3.4
  172. Question for Retailers with many stores/locations.
  173. Call Recording Solutions
  174. Pen testing scope
  175. Firewall vs IDS
  176. Feistel Finite Set Encryption Mode (FFSEM)
  177. Quarterly External Scanning.
  178. Network segmentation guidance
  179. Physical Media (paper shredding)
  180. About the database schema
  181. About the 3.1 requirement
  182. Requirement 3.4, Render the PAN unreadable
  183. Requirement 10.2.4 Audit trails and logs
  184. Requirement 10.2.7 system-level objects
  185. 10.3.3 Requirement date and time
  186. Requirement 10.3.5 Origination of event
  187. Requirement 10.3.6 resource
  188. Workstation Host IDS/Firewall as segregation?
  189. When does a company's PCI compliance expire?
  190. Document management thoughts?
  191. External Scans 11.2 - Disabling perimeter firewalls to accept scanning source
  192. What is guidance on use of SFTPS sites?
  193. 9.9.1 Maintain inventory logs
  194. Merchant Gift Cards
  195. File Integrity Monitoring - What Files to Monitor
  196. Split knowledge and dual control & Web Services
  197. Is it possible to use McAfee HIP to segregate servers?
  198. Interesting leased line issue
  199. Can VLANs be used as network segmentation and if so what would a QSA look for
  200. Requirement 1.3.5 Restrict outbound traffic
  201. Merrick Bank v. Savvis: Potential Game Changer
  202. Hosting Provider Customers
  203. DNS Servers - PCI Scope Question
  204. Unencrypted Emails sent - are we responsible?
  205. Acquirer question
  206. End-to-end encryption...how to process the offline/imprint transactions?
  207. 6.3.7 Review of custom code
  208. "Risk based"
  209. What does a 11.1a Report Look Like
  210. PCI-DSS Confusion
  211. Tokenization/hashing
  212. Amex requesting unencrypted CC#s
  213. A/P Article On PCI
  214. Level 1 Merchant AOC
  215. This is where I'm getting my advice
  216. New to PCI and the Forums
  217. PCI SAQ C questions.
  218. DMZ requirement
  219. "Mastercard gets tough on level 2 merchants"
  220. Configuration Standards
  221. dm-crypt and key management
  222. Install and maintain firewall configuration
  223. QSA vs. CPISM/CPISA
  224. More Internal Scoping Questions
  225. Auditable Event Definition
  226. Bill Pay Service Providers
  227. Rogue AP Scans - What are you doing?
  228. Savvis Files Motion to Dismiss Merrick Bank Lawsuit
  229. How & in what capacity does your organization store, process and transmit cardholder?
  230. Question on Email Server
  231. NAT (Network Address Translation) 1.3.7
  232. credit recovery and collections department in an issuing bank
  233. Outsourced development activity
  234. Segmentation of CDE - Experience in scope reduction /costs
  235. Req 2.4 Question
  236. Cameras in DC
  237. Restaurant bartenders holding tabs open by keeping credit cards behind the bar
  238. automated access control
  239. Trusted vs Untrusted
  240. New Member PCI Questions
  241. Value of being a Participating Organization?
  242. 2.2.1 One primary function per server
  243. PCI DSS - Penetration Test Report
  244. pci certification
  245. Requirement 10 question
  246. verification of equipment which is not in PCI scope
  247. PCI Incident Response: A Legal Perspective
  248. 3.2.* Database schemas
  249. QSAs now want scanning for stored Card Data performed
  250. Logging