mailing list archives
RE: PCI, EFS and the future?
From: "Dan Anderson" <dan-anderson () cox net>
Date: Sun, 18 Feb 2007 04:03:31 -0600
3.4.1 If disk encryption is used (rather than file- or column-level
Database encryption), logical access must be managed
independently of native operating system access control
mechanisms (for example, by not using local system or Active
Decryption keys must not be tied to user accounts.
The wording suggests this applies to databases. Not file servers.
How does it suggest that? This is about encrypting data, not the containers
data might be found in.