mailing list archives
RE: PCI, EFS and the future?
From: "Gressick, Michael" <mgressick () cybersource com>
Date: Tue, 6 Feb 2007 08:54:59 -0800
May I ask why you feel that EFS is the wrong solution? On the face, it
seems to satisfy all the PCI data storage encryption requirements ....
Funny, Visa just hosted a PCI-DSS seminar at their offices in Foster
City and this very issue came up...
Section 3.4.1 of PCI-DSS 1.1 specifically states that "Decryption keys
must not be tied to user accounts." The gentleman that was speaking, a
Mr. Chris Mark said they were specifically talking about EFS but could
not call it out by name.