mailing list archives
RE: PCI, EFS and the future?
From: "7thangel" <7thangel () powernet co uk>
Date: Tue, 20 Feb 2007 09:52:12 GMT
sorry for the late input on this one, but with regards to
PCI compliance I would recommend looking at the Cyber-Ark
Vaulting solution as it cover many of the issues raised with
this compliance standard along with the others and are
already the largest player in this market space.
3.4.1 If disk encryption is used (rather than file- or
column-level >Database encryption), logical access must be
managed >independently of native operating system access
control >mechanisms (for example, by not using local
system or Active >Directory accounts).
Decryption keys must not be tied to user accounts.
The wording suggests this applies to databases. Not file
How does it suggest that? This is about encrypting data,
not the containers data might be found in.
This message has been comprehensively scanned for viruses,
please visit http://www.avg.power.net.uk/ for details.
- RE: PCI, EFS and the future?, (continued)
- RE: PCI, EFS and the future? 7thangel (Feb 20)