Home page logo
/

basics logo Security Basics mailing list archives

Re: PCI DSS
From: evilwon12 () yahoo com
Date: 23 Aug 2007 15:08:04 -0000

PCI DSS is vague on certain things (at best).  However, you did not state what level of a Merchant you are, which adds 
or subtracts plenty of things that you must do.

My guess is that you are referring to Section 11.  Note, that for most of the time, you are only required to have 
quarterly scans - which is what you are probably being quoted on.  Only once a year does a pen test need to be done 
(unless their are major changes) and even then I think it depends on your level.  Even then, are you hosting the 
application and data or outsourcing it?  If you are outsourcing everything, you may not ever need to have a pen test 
done.

So, what is it that you are really asking?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]