mailing list archives
RE: PCI, EFS and the future?
From: "dave kleiman" <dave () davekleiman com>
Date: Sat, 3 Feb 2007 01:02:35 -0500
Correct me if I am wrong.....but I thought I remember reading that the DSS
specifically stated that keys could not be tied to user accounts, which they
are in EFS. Or, was that only for certain pieces of data?
Dave Kleiman - http://www.davekleiman.com/about.php
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Nick Vaernhoej
Sent: Friday, February 02, 2007 12:04
To: security-basics () securityfocus com
Subject: PCI, EFS and the future?
Good morning list
In the past I have asked about encryption solutions to
attain PCI compliance.
There are numerous solutions our there and I have some
questions about EFS in particular.
We are trying to create a small area on our corporate
fileserver to be an encrypted location. When used with EFS
this area should be transparent to the end user since it
ties into AD.
My gut feeling is telling me that EFS is the wrong
solution and I fear that it won't be in compliance with
PCI's data at rest specs.
Does anyone have any experience with EFS file level
encryption, PCI and what the future outlook is?
Are you looking at a replacement product because the
auditor didn't find EFS adequate?
"Quidquid latine dictum sit, altum sonatur."