PCI DSS Q&A


  1. Gateway/Processor Compliance Criteria
  2. Welcome to PCI Answers
  3. Pen Testing Requirements
  4. PCI Audit by Internal Audit
  5. Vendor Compliancy Dates
  6. PAN (account number / card number) digits to be displayed
  7. Company move - Physical relocation & PCI
  8. Rules for small online merchants
  9. Audit Timing
  10. Wireless Scanning obligations for merchants
  11. Fines for Non-Compliance
  12. Encryption requirements for PANs in databases
  13. Network Sniffing and PCI
  14. Disk Encryption
  15. Compensating Controls - Lack of IDS
  16. Background Checks
  17. Mainframe/AS400 Best Practice
  18. public key authentication
  19. SQL Database Replication - Does it meet requirement?
  20. PAN Masking
  21. Destroying back ups of keys
  22. Compensating Controls - Requirement 2.2.1
  23. Compliance and Point of Sales
  24. non-console access, 2.3
  25. Incident Response Testing
  26. PCI DSS Applicability Information
  27. Back-up Network Q
  28. Not a Connected entity? (12.10)
  29. SIEM/ Log monitoring
  30. PAN in IVR
  31. sensitive authorisation data
  32. More (or less) on encryption requirement
  33. CVV2/CVC2 - yet again.
  34. Non-Merchant/Service Provider Entity...PCI On-Site Audit Required?
  35. Limiting the Scope for Assessment
  36. Section 12.8 requirements
  37. Terminals - Single Use
  38. Is virtualization compliant
  39. POS and PCI requirements
  40. 2-way encryption
  41. How to define the environment?
  42. application types?
  43. Mainframe Encryption
  44. Security reports for Audits and Compliance
  45. Is it allowed to print a full PAN on a customer receipt?
  46. File Integrity Monitoring - Compensating Controls
  47. Application Hosting Service Providers
  48. POS system A/V and spyware
  49. Evaluating Logging Appliances (10.X)
  50. Satisfying "dual control" and multiple admins
  51. Will PCI DSS make small ISOs disappear?
  52. Enterprise Directories and 8.5.5 Compliance
  53. Record Retention Policy in a payment card processor
  54. Cost to become DSS compliant for level 4 merchant?
  55. PCI item 3.6.4 Periodic Key Changes
  56. Windows NT and PCI Compliance
  57. 8.5 Remove inactive user accounts at least every 90 days
  58. Insurance Companies and their Agents
  59. POLL: Solutions for meeting PCI Compliance
  60. POS-Password requirements-Windows passwords
  61. PCI Compliance project
  62. Mass network segmentation
  63. PCI DSS Report Templates
  64. Limitation of Scope and Active Directory
  65. Web hosting providers
  66. Control 6.6
  67. Legally breaking the DSS
  68. Split Knowledge and Dual Control PCI Requirement
  69. PCI compliance and POS software
  70. Encryption requirement
  71. Remove the need for Password Complexity in Linux - Use SSH Keys?
  72. "Data at Rest"
  73. Encryption with Oracle / Stored Procedures
  74. Rated audit procedures
  75. Log Validation Question?
  76. Patch Mgmt - Vulnerability Scans for Workstations
  77. CVC2 Authorisation for back orders
  78. I don't store PCI data, I just issue cards as a small bank...
  79. 1.3.8 - WLAN - what is this trying to say exactly
  80. Quarterly network scans
  81. Use of server virtualization to create network zones
  82. Cross cut shredder
  83. PCI requirements in transmitting cardholder data
  84. Clarification request.
  85. Expired Self Assessment
  86. Avionics and PCI
  87. Masking PAN
  88. Use of Credit Card Data as reference for identification
  89. Non-compliance fines in Europe
  90. Level 4 paper based merchant - PCI/DSS ??
  91. Card Expenditure Information Management Software
  92. Removal of Credit Card Data (Outsourced) from Network
  93. web app accepts credit card numbers
  94. 6.6 Clarification
  95. Information Requested!
  96. some basic information required
  97. Requirement 8: Unique ID
  98. Two-factor authentication
  99. First time unique password
  100. encrypted email & data stored on server
  101. Credit Card data location
  102. Identifying Credit Card Details within Emails
  103. Type of Firewall
  104. Mailed Prohibited Data
  105. Is Amex doing their own thing?
  106. Third party web hosting
  107. Internal Audit - L1 Merchants
  108. Dedicated Credit Card Payment Terminals & CHD Environment
  109. Plesk Software : PCI req 2.2.4
  110. Credit card vs. debit card algorithm
  111. Compliance requirements for 3rd parties?
  112. Split knowledge key
  113. Section 1.1.4 Clarification.
  114. Determining strength of a compensating control
  115. 90 day password change policy
  116. Level 1 Annual On-Site Security Audit Clarification!
  117. 3.6.10 Key Custodians form
  118. Policy
  119. Req 10 Discrepancies
  120. Security Tools
  121. Synchronize router configuration files
  122. POS and PCI (Yet Again)
  123. Transmission encryption
  124. Opinions Requested Please.
  125. Back-out procedures
  126. External Scans?
  127. Regarding separation of servers
  128. PCI DSS Novice Questions...
  129. cvv2 in voice recordings....
  130. 10.2.7 Creation and deletion of system-level objects.
  131. Encrypted Data Delivery
  132. Does PCI DSS apply to my company?
  133. apps that have nothing to do with credit card info?
  134. "system components"??
  135. Shared web hosting and the tiny merchant
  136. Use of Network Services Provider
  137. Application Encryption Vs TDE for cards stored in a DB
  138. CVV2 data -ok to store and then forward?
  139. Remote Access question
  140. 12.8.1
  141. 3.2 Question re. duration
  142. Re-Audit Question
  143. Rc4
  144. Application Layer Firewall/Content Filtering - Decrypt SSL packet for inspection?
  145. Factors
  146. California AB 779 Payment Verification Code and Value
  147. Two Factor Authentication - Cisco Secure Remote VPN
  148. PCI DSS, PCI PIN, Merchant and Service Provider
  149. Definition of System Level Object
  150. Is a hosting provider responsible for PCI compliance of its customer's application
  151. Firewall Packet Filtering
  152. Shared user name and password
  153. Outlook forms that send credit card info
  154. 2.2.1--Clarification Request.
  155. Web Application Scope
  156. The practical definition of Host Intrusion Detection
  157. Software, hardware firewall
  158. Network Layer Penetration Testing
  159. Compensating Controls PCI DSS 3.4
  160. Truncation of data
  161. Definition of "system configuration standards"
  162. timescales
  163. 5.1 Clarification Request.
  164. Open Items Question
  165. QSA required to evaluate/affirm compensating controls?
  166. Scope with truncated data?
  167. Scan / Fax of CHD - Advice please!
  168. Service charges
  169. pci policy
  170. Is DMZ required?
  171. Level 1 service provider?
  172. Credit card terminals on LAN
  173. Web Application Scope - Another
  174. e-commerce transactions and payment gateways
  175. hardcoding passwords in code
  176. Application Scope
  177. Which Windows event logs to monitor?
  178. 3.6.6 - Split knowledge of keys
  179. DR Hosting Provider
  180. Level 4 Merchant with no Online Transactions
  181. Network Segmentation
  182. 6 Million per Vendor or Combined?
  183. Service Provider
  184. Payment Service Provider Exempt From 12.8?
  185. Questions To The PCI SSC
  186. Split knowledge / Proper storage of keys - Data at rest scenario
  187. Do Cardholders have to be PCI DSS compliant?
  188. Firewall placement and PCI compliance
  189. Proxy based firewalls
  190. Merchant vs. Service Provider
  191. Contactless Payments / RFID Readers
  192. Proprietary Encryption Algorithms
  193. Self Assessment Questionnaire
  194. Safe Harbor
  195. Source Code Analysis and Web Application Scanners?
  196. HP3000 - PCI Compliant Device?
  197. Small merchant - Need help understanding questions
  198. PCI and compliance deadline
  199. Hosting Provider Compliance?
  200. SSL v2 and PCI DSS Compliance
  201. Hashed and Truncated Data
  202. Validation at DBA level
  203. Using secure web site only
  204. Scanning Procedures and Mail Servers
  205. Requirement 9.2 Visitors/Personnel easily distinguishable
  206. Network "scope" / Segmentation Question
  207. Date for 6.6 to be 'in place'?
  208. Segmentation question "Communicating into the CHE"
  209. Required to comply?
  210. MPLS - private or public
  211. Question about HSM-less batch processing
  212. Please advise on this weird compliance situation
  213. PCI DSS General clarifications
  214. Encrypt data other than PAN
  215. Regarding ssl connection on a server
  216. Network Security
  217. Question on wireless segmentation
  218. Service Accounts and PCI Compliance
  219. Vulnerable Payment Applications
  220. Quarterly Vulnerability Scans
  221. 4.1.1. clarification
  222. Remote Travel Agents Working From Home
  223. 1.3.4 and SBS 2003
  224. Website with Frames - Scope Question
  225. Firewall for internal server
  226. Versions of software
  227. Wireless device compliance
  228. Compliance dates
  229. Bank Tactics
  230. Req 1.3.9 and jumpstations
  231. Requirement 8.4, stored passwords
  232. Point of Sale Logging
  233. Confusion on MasterCard Reciprocal Clause
  234. Service Provider w/o Acquirer - Does that make sense?
  235. Wireless confusion
  236. POS logging - IBM 4690
  237. Internet Merchants - In or out of scope
  238. Internet Merchants - In or out of scope
  239. Firewall requirement on servers
  240. App Pen Testing Requirement by Breach App FW?
  241. Hashing Versus Encryption
  242. Keeping a Commerce Website Out of Scope
  243. Requirement 2.3, encrypting non-console access
  244. 8.5 and Application Service Providers
  245. cc data discovery tools
  246. Pci 1.1
  247. PCI compliance in desktop application
  248. 3rd Party Application/Colocation Facility Question
  249. requirement 6.6
  250. PSP Full Compliance