Home page logo

basics logo Security Basics mailing list archives

RE: PCI, EFS and the future?
From: "Gressick, Michael" <mgressick () cybersource com>
Date: Tue, 6 Feb 2007 08:54:59 -0800

May I ask why you feel that EFS is the wrong solution? On the face, it
seems to satisfy all the PCI data storage encryption requirements ....

Funny, Visa just hosted a PCI-DSS seminar at their offices in Foster
City and this very issue came up...

Section 3.4.1 of PCI-DSS 1.1 specifically states that "Decryption keys
must not be tied to user accounts."  The gentleman that was speaking, a
Mr. Chris Mark said they were specifically talking about EFS but could
not call it out by name.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]