mailing list archives
Re: PCI DSS
From: evilwon12 () yahoo com
Date: 23 Aug 2007 15:08:04 -0000
PCI DSS is vague on certain things (at best). However, you did not state what level of a Merchant you are, which adds
or subtracts plenty of things that you must do.
My guess is that you are referring to Section 11. Note, that for most of the time, you are only required to have
quarterly scans - which is what you are probably being quoted on. Only once a year does a pen test need to be done
(unless their are major changes) and even then I think it depends on your level. Even then, are you hosting the
application and data or outsourcing it? If you are outsourcing everything, you may not ever need to have a pen test
So, what is it that you are really asking?
- PCI DSS security guy (Aug 22)
- <Possible follow-ups>
- Re: PCI DSS alistair . fletcher (Aug 23)
- Re: PCI DSS evilwon12 (Aug 23)
- FW: PCI DSS Craig Wright (Aug 23)